Why real-time intelligence matters for managing third-party risk SPONSOR


Many thanks to the great folks at Recorded Future, who have sponsored my writing for the last week.

As leading companies in every industry today are undergoing digital transformation, the lines are blurring between any one organization and its partners, suppliers, vendors, and other third parties.

In this new report, ESG examines how these business relationships can introduce new risks that need to be identified and managed “as if these third parties were part of the enterprise itself.”

Download your copy now of “Third-Party Risk: Why Real-Time Intelligence Matters”

About Recorded Future

Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. We empower organizations to reveal unknown threats before they impact business, and enable teams to respond to alerts 10 times faster. To supercharge the efforts of security teams, our technology automatically collects and analyzes intelligence from technical, open web, and dark web sources and aggregates customer-proprietary data.

Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies. 91 percent of the Fortune 100 use Recorded Future.


If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.

Smashing Security #121: Hijacked motel rooms, ASUS PCs, and leaky apps PODCAST

An app leaking private conversations and intimate photographs is ignoring requests to fix the problem, hackers poison a security update sent to ASUS PCs, and how to protect your privacy in motel rooms.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Asus pushes out urgent security update after its own automatic Live Update tool was hacked

Taiwan-based technology giant Asus is advising concerned customers to run a newly-created diagnostic tool on their Windows computers after hackers pushed out malware to what some security researchers have estimated to be as many as one million PCs using Asus’s own Live Update software tool.

Read more in my article on the Tripwire State of Security blog.

A PSA for twits on Twitter

Twitter users have been warned not to fall for a prank that claimed their user interface would change colour if they told the service they were born in 2007, after a wave of users locked themselves out of their accounts for being underage.

Google and Facebook scammed out of $123 million by man posing as hardware vendor

Even the most tech savvy companies in the world can fall for business email compromise.

A Lithuanian man has this week pleaded guilty to tricking Google and Facebook into transferring over $100 million into a bank account under his control after posing as a company that provided the internet giants with hardware for their data centers.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #120: Silk Road with Deliveroo PODCAST

Online drug dealers get busted due to poor OPSEC! People are still failing to wipe their USB sticks properly! A potential presidential candidate is outed as a former hacker! Flat Earthers! Pi! Empathy!

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

#####EOF##### Web Browsers Archives - Graham Cluley

Archive | Web Browsers

Malicious Chrome extension which sloppily spied on academics believed to originate from North Korea


Computer users are being reminded once again to take care over the browser extensions they install after security experts discovered a hacking campaign that has been targeting academic institutions since at least May 2018.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #094: Rogue browser extensions, Twitter presence, and how to cheat in exams PODCAST

What’s the danger when browser extensions go bad? Is Twitter sharing your online status a boon for stalkers? And which of the show’s hosts is going to admit to cheating in their exams?

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist David McClelland.

Smashing Security #088: PayPal’s Venmo app even makes your drug purchases public PODCAST

Not one of Google’s 85,000 employees has had their accounts compromised by phishing in a year.  How have they done it? Find out in this podcast.

Also, we discuss with special guest Scott Helme how websites still using HTTP are now marked as “not secure” by Google Chrome, and if you’re buying drugs via PayPal’s Venmo app you should say goodbye to privacy.

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by computer security veterans Graham Cluley and Carole Theriault.

Smashing Security #067: Cyber stalking and gun control PODCAST

Incognito mode on your browser not as private as you think, consumer spyware companies get hacked, Graham is accused of “multitasking” in his hotel room, and Carole champions the students of Parkland, Florida.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast with computer security veterans Graham Cluley and Carole Theriault.

#####EOF##### Windows Archives - Graham Cluley

Archive | Windows

Smashing Security #121: Hijacked motel rooms, ASUS PCs, and leaky apps PODCAST


An app leaking private conversations and intimate photographs is ignoring requests to fix the problem, hackers poison a security update sent to ASUS PCs, and how to protect your privacy in motel rooms.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Windows 10 flaw allowed attackers to open malicious websites… even if your PC was locked

You may think your Windows 10 computer is locked, but is it really?

Israeli researchers have discovered a way of just using voice commands to make locked Windows 10 computers visit a website under the control of malicious hackers… and potentially install malware.

Read more in my article on the Hot for Security blog.

#####EOF##### Fake anti-virus Archives - Graham Cluley

Archive | Fake anti-virus

Virus Bulletin - aside from the talks there was plenty of free beer and table football VIDEO


Virus Bulletin, the anti-malware industry’s annual conference, wasn’t just about the excellent technical talks and opportunities to network with the smart folks behind most of the world’s anti-virus products.

There were also opportunities to have some fun in Berlin…

#####EOF##### About Graham Cluley's website

About

Graham Cluley, public speaker and independent computer security analyst.

I’ve been working in the computer security industry since the early 1990s, when I worked as a programmer, writing the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows.

Subsequently I was employed in senior roles by Sophos (where I founded the Naked Security blog) and McAfee. In 2011, I was honoured to be inducted into the Infosecurity Europe Hall of Fame.

Since 2013 I’ve been having fun working for myself. As well as being an independent blogger, podcaster, and talking to the media about computer security issues, you can also hire me to speak at your company’s events or conferences.

I have given talks around the world at events such as Microsoft Future Decoded, RSA, Infosec, Web Summit, EICAR, AVAR, ICSA, ISSA, Virus Bulletin, Ja.net, Campus Party and the European Internet Security Forum.

Here’s how to contact me.

I’ve also made thousands of international media appearances on TV, radio and print, including NPR, BBC, Sky, Fox, CNN, Mashable, and TechCrunch, as well as written columns on computer security for publications such as The Telegraph, IT Week, Computer Weekly, VNUNet and the BBC College of Journalism.


Check out some of the awards that I have been lucky enough to win.

And here are some nice things people have said about me.

Newsletter

Do you want to make sure that you never miss a hot computer security story?

GCHQ is the unmissable email newsletter you can receive for free – straight from my desk – containing all the latest security-related stories, hints and tips published on this website.


Complaints

If you have a concern about any posting or comment being factually incorrect, please

Please provide details of who you are, how I can contact you, what your interest is, and what your concern is. If something has been written that is factually incorrect, it will be addressed. Anonymous complaints will be ignored.

Got a story for me?

If you think you’ve stumbled across a new piece of malware, a dodgy scam, or just want to say hi, it would be great to hear from you.

I can’t promise to respond in person to every tip I receive because of the sheer volume, but I do read them all and write about as many as I can.

I’m sorry but I cannot respond to individual requests for troubleshooting or tech support. I also won’t tell you how to hack your partner’s Facebook account because you suspect they’re cheating on you. Sorry.

Cluley Associates Limited is a registered company in England and Wales. Company Number: 8896223.
#####EOF##### Hydro working hard to recover following ransomware attack

Hydro working hard to recover following ransomware attack

Company says it will not pay ransom to extortionists.
               


More details have emerged regarding the cyber attack that has this week severely impacted operations at Norsk Hydro, one of the world’s largest producers of aluminium, and a major producer of hydroelectric power in Norway.

The company has confirmed that it was a victim of a ransomware attack, which saw computer files encrypted and their means of decryption withheld unless the extortionists receive payment in Bitcoin. Effectively, infected organisations are locked out of their data.


Hydro’s entire global network was taken down by the attack. The company’s US factories were amongst those affected, as well as smelting plants in Norway. However, other facilities - including the firm’s power plants - are functioning normally.

The Norwegian National Security Authority (NSM) has said that the relatively new LockerGoga ransomware was to blame for the incident. Norway’s National Cyber Security Center (NorCERT) is believed to have warned the country’s public agencies about the attack, in an attempt to prevent the further spread of the malware.

Unlike many other families of ransomware, LockerGoga appears to be used only in a limited fashion, with specific organisations being targeted for attack. And for that reason it doesn’t have its own mechanism of spreading throughout an organisation.

That makes LockerGoga different from other hard-hitting ransomware such as WannaCry or NotPetya, which cared little about the organisations they infected. For LockerGoga to be successfully deployed inside a targeted organisation it needs to already have admin rights.

NorCERT has said that the ransomware attack was combined with an attack against the firm’s Active Directory, which may have been used to spread the LockerGoga ransomware throughout the organisation.

Security expert Kevin Beaumont has tweeted that the attack bears similarities to one which hit French engineering firm Altran Technologies earlier this year.

You can’t help but get the feeling that this was a highly-organised extortion attempt against Hydro.


At a news conference, Hydro’s finance director Eivind Kallevik said that the company would not pay the extortionists:

“We have good back-up routines. Our main strategy is to reinstall data from the back-up systems.”

As we’ve discussed before, you don’t want to find yourself in the position of having to pay the criminals behind a ransomware attack.

Build your defences and segment your network to reduce the chances of an attack successfully entering your organisation, and ensure that you have secure, working backups of your critical data so you can get back up and running as soon as possible if an incident does occur.

According to a Reuters report, Hydro is beginning to restart some of its operations today but says “it is still (too) early to estimate the exact operational and financial impact.”


#####EOF##### Hackers poison Asus software updates, may have infected one million PCs

Hackers poison Asus software updates, may have infected one million PCs

Operation ShadowHammer highlights supply-chain threats.
               

A million Asus PCs may have downloaded a poisoned update
What’s happened?
Hundreds of thousands of Asus PCs may have been infected with malware installed by Asus’s own automatic Live Update tool.

Why on earth would Asus want to do such a thing?
They didn’t. According to researchers at Kaspersky, who have dubbed the attack “Operation ShadowHammer”, malicious hackers managed to plant the malware on Asus’s update servers and actually signed it with two of the company’s legitimate digital certificates.

How did hackers manage to poison Asus’s software update?
We don’t know.

How did the hackers manage to get hold of Asus’s code-signing certificates?
We don’t know.

You don’t seem to know very much. What did this malicious Asus update do?
The malicious update scans to determine the device’s network adaptor’s unique MAC address, and if it matches one on a list of hashes hardcoded within the malware, downloads more malicious code from a command and control server under the hackers’ control.

MAC? I thought we were talking about PCs?
Yes, we are talking about Asus notebook PCs running Windows. A MAC (Media Access Control) address is not something from Apple, it’s a unique identifier assigned to network interface hardware by manufacturers.

So they weren’t targeting all of the PCs that have installed the update? Only the ones which matched particular MAC addresses?
Correct. Although Kaspersky researchers say they have identified 57,000 of their users who have downloaded and installed the trojanised version of Asus Live Update (and they believe there may be over one million non-Kaspersky users similarly affected), they have only uncovered approximately 600 unique MAC addresses from the 200+ samples of the malware they have seen to date.

In other words, roughly 600 PCs were being targeted by the attackers. Kaspersky researchers have warned that there may be other examples of the malware out there including more MAC addresses.

Why would the attacker only want to install malicious code on a small subset of the compromised computers?
It’s hard to answer that question definitively, but one reason might be that they didn’t wish to draw attention to themselves, and wanted to keep the operation “live” for as long as possible.

How long were Asus computers downloading the rogue update?
Kaspersky says that it was affecting a large number of users between June and November 2018. According to a report by Motherboard, Kaspersky’s team contacted Asus in January about the issue, but the manufacturer denied that its servers were compromised.

Symantec researchers also confirmed the incident, telling Kim Zetter of Motherboard that at least 13,000 computers belonging to Symantec customers were infected with the malicious software update from ASUS in 2018.

And what has Asus said?
Nothing so far.

Not a peep on its official Twitter account or corporate website.


Update: Asus has said it will issue an official statement sometime today (Tuesday 26 March 2019). Of course, they would have ideally begun investigating when first informed by Kaspersky in January rather than not take the researchers’ information seriously.

So if Asus isn’t doing anything, what am I supposed to do as a potentially affected customer?
Kaspersky has created a natty website - shadowhammer.kaspersky.com - where you can check to see if your MAC address is on the list of those targeted by the poisoned ASUS Live Update tool, and is inviting users to contact them if they have been targeted.
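
For anyone looking after more than one PC, the same kind of check can be run offline against an asset inventory. This is an added example, not Kaspersky's tool and not code from the malware: the page only says "hashes", so MD5 over the six raw address bytes is an assumption, and every hostname, MAC address and digest below is constructed.

```python
import hashlib
import re

# Assumption: the page only says the target list is stored as "hashes".
# MD5 over the six raw address bytes is assumed here; change both if the
# published indicator list uses a different digest or input encoding.
HASH_ALGORITHM = "md5"


def normalize_mac(text):
    """Return the six raw bytes of a MAC written in any common notation.

    Accepts 02:00:5e:10:00:01, 02-00-5E-10-00-01 and 0200.5e10.0001.
    Returns None for anything that is not exactly 12 hex digits.
    """
    compact = re.sub(r"[\s:.\-]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", compact):
        return None
    return bytes.fromhex(compact)


def mac_digest(raw, algorithm=HASH_ALGORITHM):
    """Lower-case hex digest of the raw MAC bytes."""
    return hashlib.new(algorithm, raw).hexdigest()


def check_inventory(inventory, targeted_digests):
    """Compare every adapter of every host with the targeted digests.

    inventory: {hostname: [mac_string, ...]} (wired, Wi-Fi, docks...)
    Returns (hits, unparsed), each a list of (hostname, mac_string).
    Unparsed entries are reported rather than dropped, because a host
    whose MAC was never recorded has not been cleared.
    """
    targeted = {d.lower() for d in targeted_digests}
    hits, unparsed = [], []
    for host, macs in inventory.items():
        for mac in macs:
            raw = normalize_mac(mac)
            if raw is None:
                unparsed.append((host, mac))
            elif mac_digest(raw) in targeted:
                hits.append((host, mac))
    return hits, unparsed


# Constructed indicator list: digests of two made-up, locally
# administered MAC addresses. These are not real ShadowHammer values.
TARGETED_DIGESTS = {
    mac_digest(normalize_mac(m))
    for m in ("02:00:5e:10:00:01", "02:00:5e:10:00:02")
}

# Constructed inventory export, with the mixed notations that asset
# databases and switch tables tend to contain.
INVENTORY = {
    "laptop-017": ["02-00-5E-10-00-01", "02:00:5e:aa:bb:cc"],
    "laptop-042": ["0200.5e10.0099"],
    "desk-003": ["02:00:5e:77:00:01", "0200.5e10.0002"],
    "kiosk-9": ["not-recorded"],
}

if __name__ == "__main__":
    hits, unparsed = check_inventory(INVENTORY, TARGETED_DIGESTS)
    for host, mac in hits:
        print(f"TARGETED  {host}  {mac}")
    for host, mac in unparsed:
        print(f"RECHECK   {host}  {mac!r} is not a MAC address")
```

A match on any one adapter is enough to flag the machine, which is why the inventory lists every interface rather than only the primary one.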

What could users have done to prevent themselves from being infected in the first place?
It’s a hard question to answer. We tell users to install security updates from their trusted suppliers to reduce the chances of a security incident. This update really did come from Asus’s servers, and had even been correctly digitally-signed using Asus’s software certificates.

And the way the malicious update then carefully selected its intended targets… it’s hard not to wonder if this might have been the work of state-sponsored hackers.

This isn’t the first time that vendors have been compromised to spread malware through a supply-chain attack.

For instance, in 2016 the update mechanism for the Ask toolbar was hijacked by attackers to install suspicious code.

The following year the anti-virus firm Avast distributed a digitally-signed version of CCleaner which contained a malicious backdoor that stole information from users’ PCs.

And perhaps most infamously of all, the NotPetya ransomware was initially spread via a malicious automatic update to a popular Ukrainian accounting software package.

So, supply-chain attacks are a big headache. By the way… why ShadowHammer?
I know, I know. It sounds like a villain from a superhero movie doesn’t it? Basically, this is what security vendors do these days to grab more attention for their discoveries. Just be grateful there’s not a logo for it… yet.

For more discussion of this topic, be sure to check out this episode of the “Smashing Security” podcast:

Smashing Security #121: ‘Hijacked motel rooms, ASUS PCs, and leaky apps’


2 Responses

  1. Michael Barsotti

    March 27, 2019 at 6:54 pm #

    Asus makes computers for a few operating systems, I’m assuming, since you didn’t specify, you mean Windows machines. Does this also target Chromebooks?

    • Graham Cluley in reply to Michael Barsotti.

      March 27, 2019 at 7:09 pm #

      It’s just Windows.

      There’s been an update from Asus, which you can read about here: https://www.tripwire.com/state-of-security/featured/asus-security-update-live-update-tool-hacked/



#####EOF##### Hacked celebrities Archives - Graham Cluley

Archive | Hacked celebrities

Smashing Security #077: Why Paris Hilton doesn’t use iCloud, lottery hacking, and Facebook dating PODCAST


The tricky-to-pronounce Paytsar Bkhchadzhyan is jailed for hacking Paris Hilton, we hear the story of the man who hacked the lottery and almost got away with $16.5 million, and Facebook thinks it is the perfect partner to find you a date.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Dave Bittner from The Cyberwire podcast.

Smashing Security podcast #050: MailChimp, Piers Morgan, and the Dark Overlord PODCAST

There’s little time to celebrate our 50th episode, because there are rants to be had about MailChimp’s switch to single opt-in, Graham upsets Piers Morgan on Twitter, and the Dark Overlord hacking gang are up to some pretty horrid tricks.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Smashing Security #041: Hacking Instagram, facial failures, and spying bosses PODCAST

It’s easy to phone up a celebrity on Instagram following a security breach, facial recognition at Notting Hill Carnival can’t tell the girls from the boys, and companies are spying on their workers’ activities.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest David Bisson.

Smashing Security #040: The show that cost Troy Hunt 14 dollars PODCAST

Are public figures lying about being hacked? What were online criminals doing with 711 million email addresses? And how could scammers profit from Hurricane Harvey?

All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by HaveIBeenPwned’s Troy Hunt.

#####EOF##### How bank hackers stole £1.25 million with a simple piece of hardware

How bank hackers stole £1.25 million with a simple piece of computer hardware

               

On 4 April 2013, Darius Boldor walked into the Swiss Cottage branch of Barclays bank in North London and - posing as an IT technician - managed to gain entry to the back office.

He now had physical access to the bank’s IT systems, and was able to connect a KVM (Keyboard / Video / Mouse) device to a computer.


The device, an innocuous-looking black box, was attached to a 3G router, and allowed hackers holed-up in a nearby hotel to record staff passwords and screen activity, enabling them to make 128 financial transfers worth £1,252,490.

The money transfers went to a network of mule accounts, specially set up to launder the stolen cash.

Barclays reported the attack that day to the Metropolitan Police Central e-Crime Unit (PCeU), and managed to recover over £600,000 of the stolen money.

But that wasn’t the end of the story, as on 17 July 2013 another branch of Barclays was struck.

32-year-old Dean Outram entered a branch of Barclays in Lewisham, and was able to install a KVM device, through which £90,000 was stolen.

Two months later the group attempted another heist, unlawfully gaining access to Santander’s IT system after Dean Outram fitted another KVM device in the bank’s Surrey Quays branch.

However, the Met Police were ready and Santander were on alert. As Outram left the branch he was arrested by police officers and an address in Hounslow was raided where ten other gang members were apprehended. Investigators recovered computers logged into Santander bank accounts, but no money had been stolen.

Yesterday, nine members of the gang were sentenced at Southwark Crown Court to a total of 24 years and nine months.

Lanre Mullins-Abudu, 25, of Weimar Street, Putney

  • conspiracy to commit fraud - three years imprisonment
  • conspiracy to steal - three years imprisonment to run consecutively
  • conspiracy to steal - two years imprisonment to run consecutively
  • possession of articles for use in fraud - three years imprisonment to run concurrently

Total: eight years imprisonment

Steven Hannah, 53, of Bell Street, London, NW1:

  • conspiracy to commit fraud - three and a half years imprisonment
  • possession of Crystal Meth Class A drugs with intent to supply - two years and four months imprisonment to run consecutively

Total: five years and 10 months imprisonment

Tony Colston-Hayter, 49, of Seymour Street W1

  • conspiracy to commit fraud - two and a half years imprisonment
  • conspiracy to steal - two years imprisonment to run consecutively
  • possession of articles for use in fraud - two and a half years imprisonment to run concurrently
  • possession of articles for use in fraud - two and a half years imprisonment to run concurrently
  • theft - one year imprisonment to run consecutively

Total: five and a half years imprisonment

Darius Valentin Boldor, 34, of Ebury Bridge Road, London SW1

  • fraud - six months imprisonment
  • conspiracy to steal - two years imprisonment to run consecutively

Total: two years six months imprisonment

Dean Outram, 32, of Clifford Gardens, NW10

  • conspiracy to steal - one and a half years imprisonment
  • conspiracy to steal - one and a half years imprisonment to run consecutively

Total: three years imprisonment

Adam Raeburn Jefferson, 38, of Newport Road, New Bradwell, Milton Keynes

  • conspiracy to commit fraud - one year and four months imprisonment, suspended for two years
  • six-month tag-monitored curfew

Segun Ogunfidodo, 27, of White City Estate, W12

  • conspiracy to commit fraud - nine months imprisonment suspended for two years
  • community work order and three-month tag-monitored curfew

Dola Leroy Odunsi, 28, of Bromfield Rise, Abbots Langley, WD5

  • conspiracy to commit fraud - nine months imprisonment suspended for two years
  • community work order and three-month tag-monitored curfew

James Lewis Murphy, 39, of Wellington Buildings, Ebury Bridge Road, SW1

  • possession of criminal property - six months imprisonment (sentence already served in custody).

Four other members of the gang (Michael Victor Harper, 26, of Kiln Place, NW5, Guy Davies, 49, of Sudbourne Road, London, SW2, Stephen Ohunta, 41, of Mafeking Road, E16, and Asad Ali Qureshi, 26, of Old Brompton Road, SW7) are scheduled to be sentenced at Wood Green Court on 13 June.

Another, 31-year-old Martin Thane of Eardley Crescent, SW5, was previously sentenced to six months conditional discharge, and ordered to attend a rehabilitation clinic for six months on 8 October 2013, for conspiracy to commit fraud by misrepresentation.

And it turns out that some of the gang’s criminal activities went beyond installing KVM devices and meddling with bank accounts.

According to the Met Police’s press release:

In addition to the Barclays and Santander cyber attacks, police identified that between May 2012 and September 2013, Mullins-Abudu, Stephen Hannah, 53, Guy Davis, 49, Adam Jefferson, 38, Segun Ogunfidodo, 26, Dola Odunusui, 29, Martin Thane, 31, Michael Harper, 26 and Tony Colston-Hayter, 49, also used what police believe to be around 500 high value bank and credit cards that had been either stolen or intercepted, to purchase Rolex watches worth up to £30,000 each, high-value jewellery and electrical equipment such as Apple Mac computers and iPads.

The value of the credit card fraud is in excess of £1 million. In order to use the cards, the group - led by Hayter - used a sophisticated device to spoof genuine bank telephone numbers in order to fool victims into providing their personal details and PIN numbers.

Remember folks - be very careful about what information you give away over the phone, and remember that a legitimate call from your bank or credit card company will never ask you to tell them your complete PIN code.

“Through working with industry partners such as Santander and Barclays, whose efforts in assisting us were immense, we have been able to bring this group to justice.”

“This case demonstrates the sheer investigative skill we are able to apply to tackling cyber crime, as we continue working to keep London people and businesses safe from cyber criminals. We are determined to make London a hostile place for cyber criminals and not allow the internet to be a hiding place for those who defraud people in the capital,” said Detective Chief Inspector Jason Tunn, of the MPS Cyber Crime Unit.

It seems to me that the Met Police can be proud of bringing this high-tech gang to justice and stopping them in their audacious scheme to defraud bank customers.

And a clear warning needs to go out to other organisations to take great care over who we allow to gain physical access to our offices, and how closely visitors should be monitored - especially if they are an unfamiliar face.

Of course, human nature being what it is – many people feel uncomfortable grilling an unfamiliar face as to what they might be doing in the office, and asking them to prove their legitimacy.

Once again, this is largely a human problem, not a technological one.


5 Responses

  1. Darren Wall

    April 25, 2014 at 11:57 am #

    A couple of years back I took part in a project to roll out replacement keyboards and screens to a high street bank that has branches all over the country. Many of the branches were so glad to see an IT person on site that they did very little checking on me. “Oh are you here to fix the.….”
    Under the counter pulling out old cabling and setting up new keyboards and monitors I could quite easily have plugged in devices like those in your article. The branches appear to get so little on site IT support that a device like that could go unnoticed for a long time if the thieves were not too greedy.

  2. Romanian

    April 25, 2014 at 12:17 pm #

    Out of a 14-person gang comprising 8 persons with British names, 5 persons with African sounding names and one Romanian, you outlined the last one.

    • Graham Cluley in reply to Romanian.

      April 25, 2014 at 12:22 pm #

      He’s the only one I know the nationality of. If you have information about the other individuals please share it, and I can update the article.

      But I take your point. It seems odd to mention his nationality and not the others, and could be misconstrued. So I’ve removed it until (if?) we can fill in all the other gaps.

      • Romanian in reply to Graham Cluley.

        April 26, 2014 at 12:40 pm #

        Fair enough. Not all of you are ukip-ers, obviously ;)

  3. Bruce

    April 25, 2014 at 12:45 pm #

    The Met Police might be pleased about bringing this gang before the court, but some of those sentences seem very low for this level of crime. Or is it just me?


#####EOF##### Adobe Archives - Graham Cluley

Archive | Adobe

Smashing Security #036: Flash? Clunk flush… and hacking security researchers

A security threat researcher is badly hacked in a revenge attack. Some people want to save Adobe Flash, but is that wise? And a poorly-secured electronic billboard starts displaying offensive images…

All this and much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

#####EOF##### Terrorist's manifesto used to spread disk-wiping malware

Terrorist’s manifesto used to spread disk-wiping malware

Be careful what you download...
               

The world was horrified earlier this month by the mass-shootings of worshippers at mosques in Christchurch, New Zealand.

The alleged culprit reportedly distributed a 73-page so-called manifesto entitled “The Great Replacement”, chockablock with white supremacist rhetoric.

The document was circulated on forums and social media websites, and - in an attempt to prevent its spread - New Zealand’s government classified it as “objectionable”, and made it a crime to possess or distribute it anywhere in the country.

Well, if you needed any other reason not to hunt the internet for a copy of “The Great Replacement” to download, here’s one from the research team at security firm Blue Hexagon.

As researcher Irfan Asrar describes, someone has taken a copy of the shooter’s Word document and weaponised it to download malicious code from the internet.

Anyone opening the modified manifesto could find their computer’s Master Boot Record (MBR) destructively overwritten, and as their Windows computer reboots they’ll be faced with a message:

This is not us!


In many ways it’s a throwback to the early days of malware, when some viruses would overwrite a PC’s boot-up code and display messages such as “Your computer is now stoned!”. And yes, virus historians, I’m well aware that the Stoned virus was also known as New Zealand…

This new malware hasn’t been created to grant remote hackers access to an infected PC, nor to steal files, or hold the victim to ransom. My guess is that whoever created the malware-laden version of the document was outraged by the horror of the shooting of innocent people, and simply wanted to bloody the nose of anyone showing an unhealthy interest in it.


6 Responses

  1. Smashdamn

    March 29, 2019 at 9:48 pm #

    Lol thanks for the warning deleted the file and got the pastebin version instead.

  2. Drew Lewis

    March 30, 2019 at 3:00 pm #

    Wow, for a “security” website you sure have no idea what you are talking about. Just another garbage clickbait site to avoid.

    Disk-wiping? That’s not a stretch it’s a blatant lie or the ramblings of a confused old man.

    Either way it shows everything on this site is misinformation.

    • Graham Cluley in reply to Drew Lewis.

      March 30, 2019 at 3:23 pm #

      It overwrites the MBR. So yeah, it doesn’t wipe the entire hard drive.

      • Ian Moone in reply to Graham Cluley.

        March 31, 2019 at 8:34 am #

        MBR is only 512mb so far from an entire hard drive. It’s like 1 grain of sand from a bag of sand. But a pain on the bum for someone who’s not tech savvy to fix.

        • Graham Cluley in reply to Ian Moone.

          April 3, 2019 at 7:06 pm #

          I remember in the old days some folks would reformat their hard drives when they discovered they had been infected by an MBR virus like Stoned - not realising that they had just wiped all of their hard drive, *apart* from the virus. Oops!

  3. Dave

    March 31, 2019 at 3:43 am #

    This is awesome, shame just wipes the MBR. As a previous cretin has pointed out, it won’t stop people reading it, but it might put a few people off.


#####EOF##### In its ransomware response, Norsk Hydro is an example for us all

In its ransomware response, Norsk Hydro is an example for us all

They're not afraid to be open about what happened.
               


It’s been over two weeks now since Norsk Hydro, one of the world’s largest producers of aluminium, was hit by a ransomware attack that affected 160 of its plants worldwide, forcing many of its sites to switch to manual operations.

All this, and the company’s new CEO had only started in the job one day before. What a baptism of fire.

I’ve been really impressed with Hydro’s response to the attack, exemplified by the YouTube video they have just released.

Hydro didn’t shy away from admitting it had been a victim of a targeted ransomware attack. It used daily webcasts and social media posts to keep business partners and the media informed about what was going on, made clear that it was not going to pay the extortionists who had planted LockerGoga on its systems, called in the police to investigate, and flew in experts from overseas to help.


I’ve always considered that a security breach is only part of the story. A large chunk of the narrative, and how it ends up impacting your organisation and reputation, rests upon your response following an incident.

Norsk Hydro has demonstrated that by working hard and being smart, pulling in expertise, and - critically - being transparent in its communications with those outside the company, it’s possible to avert disaster.

Sure, it helps enormously that Hydro was prepared - it had secure backups in place, and mechanisms for restoring impacted systems. It was also insured against such attacks.

And, unlike some other victims of cyber attacks in the past, the fact that it had already migrated its email systems to the cloud meant that even if its computers were down, workers were still able to communicate via smartphones and tablets.

I’m sure there’s still much work to be done before everything is returned to normal, but you cannot fail to be impressed by what they have achieved so far, and hope that it acts as an example for other unfortunate victims in the future.

To find out more about the Norsk Hydro attack, be sure to read this fascinating article by Kevin Beaumont.


#####EOF##### Awards

Awards

I’ve been lucky enough to win some awards, which I will now brag about:

  • 2019 - Nominated: Most Entertaining Security Blog at RSA Security Blogger Awards
  • 2019 - Winner: Cyber Security Blog of the Year at 4D Awards
  • 2018 - Winner: Best Security Podcast at EU Security Blogger Awards
  • 2018 - Nominated: Best Personal Security Blog at EU Security Blogger Awards
  • 2018 - Nominated: Best European Personal Security Blog at EU Security Blogger Awards
  • 2018 - Nominated: Most Entertaining Blog at EU Security Blogger Awards
  • 2018 - Nominated: Most Educational Blog at EU Security Blogger Awards
  • 2018 - Nominated: Best EU Security Tweeter at EU Security Blogger Awards
  • 2018 - Nominated: Grand Prix Prize: Best Overall Security Blog at EU Security Blogger Awards
  • 2018 - Nominated: Best European Security Podcast at EU Security Blogger Awards
  • 2018 - Nominated: Most Entertaining Security Blog at RSA Security Blogger Awards
  • 2018 - Top Ten Information Security Thought Leaders at Infosec Institute.
  • 2017 - Winner: Best IT Security Blog at SysAdmin Blog Awards
  • 2017 - Winner: Most Entertaining Security Blog at RSA Security Blogger Awards
  • 2016 - Winner: Best Security Video Blog at EU Security Blogger Awards
  • 2016 - Nominated: Best Corporate Security Blog at EU Security Blogger Awards
  • 2016 - Nominated: Best European Corporate Security Blog at EU Security Blogger Awards
  • 2016 - Nominated: Most Entertaining Blog at EU Security Blogger Awards
  • 2016 - Nominated: Most Educational Blog at EU Security Blogger Awards
  • 2016 - Nominated: Best EU Security Tweeter at EU Security Blogger Awards
  • 2016 - Nominated: Grand Prix Prize for the Best Overall Security Blog at EU Security Blogger Awards
  • 2016 - Top 10 CyberSecurity Twitter profiles by Dark Reading.
  • 2016 - Winner: EMEA Cybersecurity Educator of the Year at the Cybersecurity Excellence Awards
  • 2016 - Winner: Most Entertaining Security Blog at RSA Security Blogger Awards
  • 2016 - Nominated: Most Educational Security Blog at RSA Security Blogger Awards
  • 2016 - The World’s Top IT Security Influencers by CISO Platform
  • 2015 - Winner: Tech Blogger of the year at the Bloggers’ Lounge Awards
  • 2015 - Winner: Best Security Blog at the Bytes that Rock Awards
  • 2015 - Winner: Most Educational Blog at EU Security Blogger Awards
  • 2015 - Nominated: Best European Corporate Security Blog at EU Security Blogger Awards
  • 2015 - Nominated: Grand Prix Prize for the Best Overall Security Blog at EU Security Blogger Awards
  • 2015 - Winner: Most Entertaining Security Blog at RSA Security Blogger Awards
  • 2015 - Top 25 Influencers in Security by Tripwire
  • 2014 - Winner: Best Speaker at AVAR 2014, Sydney, Australia
  • 2014 - Winner: Best New Security Blog at EU Security Blogger Awards
  • 2014 - Nominated: Best Corporate Security Blog at EU Security Blogger Awards
  • 2014 - Nominated: Best Personal Security Blog at EU Security Blogger Awards
  • 2014 - Nominated: Most Entertaining Blog at EU Security Blogger Awards
  • 2014 - Nominated: Most Educational Blog at EU Security Blogger Awards
  • 2014 - Nominated: Best EU Security Tweeter at EU Security Blogger Awards
  • 2014 - Nominated: Grand Prize for Best Overall Security Blog at EU Security Blogger Awards
  • 2014 - Nominated: Most Educational Security Blog at RSA Security Blogger Awards
  • 2013 - Winner: Best Overall Security Blog at EU Security Blogger Awards
  • 2013 - Winner: Best Corporate Security Blog at EU Security Blogger Awards
  • 2013 - Winner: Best Corporate Security Blog at RSA Security Blogger Awards
  • 2012 - Winner: Best Corporate Security Blog at RSA Security Blogger Awards
  • 2012 - Winner: Hermes Platinum Award for Sophos Naked Security publicity campaign
  • 2011 - Top 25 Influencers in Security by Tripwire
  • 2011 - Ranked 7th Most Powerful Voice in Security by Sys-Con Media
  • 2011 - Winner: Most Educational Security Blog at RSA Security Blogger Awards
  • 2011 - Winner: Best Security Blogger, SC Magazine Awards, San Francisco
  • 2011 - Inducted into the InfoSecurity Europe Hall of Fame
  • 2010 - Winner: Best IT Security Blog at Computer Weekly/IBM Blog Awards
  • 2010 - Runner-up: Best Security Blogger, SC Magazine Awards, San Francisco
  • 2010 - Winner: Twitter User of the Year, Computer Weekly/IBM Blog Awards
  • 2009 - Winner: Best of the Best Blogs, Computer Weekly/IBM Blog Awards
  • 2009 - Winner: Twitter User of the Year, Computer Weekly/IBM Blog Awards
  • 2009 - Winner: IT Security Blogger of the Year, Computer Weekly/IBM Blog Awards
  • 2009 - Honorary Mention: “Top 10 Greatest Britons in IT history”

And here are some nice things people have said about me.

#####EOF##### Spam Archives - Graham Cluley

Archive | Spam

Hacker arrested for wave of fake bomb and shooting threats against schools

FBI agents have arrested a 20-year-old man alleged to have been part of a hacking gang which not only launched distributed denial-of-service (DDoS) attacks, but also launched a wave of chilling bomb and shooting threats against thousands of schools in the United States and United Kingdom.

Read more in my article on the Tripwire State of Security blog.

Smashing Security podcast #050: MailChimp, Piers Morgan, and the Dark Overlord

There’s little time to celebrate our 50th episode, because there are rants to be had about MailChimp’s switch to single opt-in, Graham upsets Piers Morgan on Twitter, and the Dark Overlord hacking gang are up to some pretty horrid tricks.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Poisoned plugin allowed hackers to post spammy content on up to 200,000 WordPress websites

As many as 200,000 websites may have been running a WordPress plugin that allowed third parties to publish any content they wished on victims’ sites via a backdoor. Watch out for supply chain attacks that could impact your website…

Read more in my article on the Tripwire State of Security blog.

#####EOF##### Naked Security Archives - Graham Cluley

Archive | Naked Security

#####EOF##### Phishing Archives - Graham Cluley

Archive | Phishing

Smashing Security #119: Hijacked homes, porn passports, and ransomware regret

A $150 million mansion is hijacked online, Brits will soon have to scan their passport to watch internet porn, and are organisations right to pay up when hit by ransomware?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology broadcaster David McClelland.

Smashing Security #116: Stalking debtors, Facebook farce, and a cyber insurance snag

How would *you* track someone who owed you money? What was the colossal flaw Facebook left on its website for anyone to exploit and hijack accounts? And what excuse are insurance companies giving for not paying victims of the NotPetya malware millions of dollars?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University.

Smashing Security #112: Payroll scams, gold coin heists, web giants spanked

Business email compromise evolves to target your company’s payroll, how the world’s largest gold coin was stolen from a Berlin museum, and are internet giants feeling the heat yet over data security?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by people hacker Jenny Radcliffe.

Smashing Security #106: Google Maps, Fed phishing, and Grinch bots

How are scammers stealing your money through Google Maps? Why did the FBI create a fake FedEx website? And how are US senators hoping to stop Grinch bots ruining Christmas?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

And don’t miss our special bonus interview about passwords with Rachael Stockton of LastPass.

Smashing Security #104: The world’s most evil phishing test, and cyborgs in the workplace

Does your employer want to turn you into a cyborg? Was this phishing test devised by an evil genius? And how did a cinema chain get scammed out of millions, time and time again…?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Scott Helme.

#####EOF##### Firefox Archives - Graham Cluley

Archive | Firefox

Smashing Security podcast #058: Face ID, Firefox, and Windows SNAFUs, plus Bitcoin FOMO

Is Face ID racist? Has Mr Robot infected your Firefox browser? Has Microsoft pushed a buggy password manager onto your Windows PC?

All this and much much more is discussed in the special first birthday edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by original co-host Vanja Švajcer.

Adobe Flash zero day vulnerability exploited by hackers to infect IE and Firefox users

Adobe has warned that online criminals are attacking Internet Explorer and Firefox users via an as-yet-unpatched zero day vulnerability in Adobe Flash.

Do you know how to enable Click to Play in your browser to protect yourself?

#####EOF##### Twitter Archives - Graham Cluley

Archive | Twitter

A PSA for twits on Twitter

Twitter users have been warned not to fall for a prank that claimed their user interface would change colour if they told the service they were born in 2007, after a wave of users locked themselves out of their accounts for being underage.

Smashing Security #117: SWATs on a plane

Why is Tampa’s mayor tweeting about blowing up the airport? Are hackers trying to connect with you via LinkedIn? And has Maria succeeded in her attempt to survive February without Facebook?

All this and much much more in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Plus, after last week’s discussion about the legal battle between Mondelez and Zurich Insurance, we have a chat with security veteran Martin Overton to take a deeper look into cyberinsurance.

Twitter follow bots cut off from API, as accounts disabled for spreading misinformation from Iran and elsewhere

ManageFlitter, Statusbrew, and Crowdfire have had their access to the Twitter API revoked for allegedly helping users abuse the service, aggressively and repeatedly following and unfollowing large numbers of other accounts - a tactic frequently employed by Twitter spammers.

Meanwhile, Twitter and Facebook share details of the accounts they have shut down after finding they were spreading misinformation in the run-up to the US midterm elections.

Smashing Security #110: What? You can get paid to leave Facebook?

Twitter and the not-so-ethical hacking of celebrity accounts, study discovers how you can pay someone to quit Facebook for a year, and the millions of dollars you can make from uncovering software vulnerabilities.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Smashing Security #101: Rule 34, Twitter scams, and Facebook fails

A Facebook friend request leads to arrest, Twitter scams ride again via promoted ads, and adult websites expose their members. Oh, and Graham finds out what Rule 34 is.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Smashing Security #095: British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked

Malicious script is being blamed for the British Airways hack, Trend Micro’s apps are booted out of the Mac App Store for snaffling private data, and Paul Manafort’s daughter wants Twitter to remove a link.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Emm of Kaspersky Lab.

Smashing Security #094: Rogue browser extensions, Twitter presence, and how to cheat in exams

What’s the danger when browser extensions go bad? Is Twitter sharing your online status a boon for stalkers? And which of the show’s hosts is going to admit to cheating in their exams?

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist David McClelland.

Smashing Security #091: Sextortion, Las Vegas hotels, and Alex Jones

Just how did sextortionists get (some) of the digits in your phone number? Why are some hackers saying they won’t be going to DEF CON in Las Vegas anymore? And should Alex Jones from InfoWars be banned from Twitter?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.

Here’s why Twitter will lock your account if you change your display name to Elon Musk

There’s bad news if your name really is “Elon Musk”.

You’re going to have to jump over some additional hurdles to convince Twitter that you should be allowed to change your display name to the one you share with the boss of Tesla and SpaceX.

Read more in my article on the Hot for Security blog.

#####EOF##### Social networks Archives - Graham Cluley

Archive | Social networks

A PSA for twits on Twitter

Twitter users have been warned not to fall for a prank that claimed their user interface would change colour if they told the service they were born in 2007, after a wave of users locked themselves out of their accounts for being underage.

Google and Facebook scammed out of $123 million by man posing as hardware vendor

Even the most tech savvy companies in the world can fall for business email compromise.

A Lithuanian man has this week pleaded guilty to tricking Google and Facebook into transferring over $100 million into a bank account under his control after posing as a company that provided the internet giants with hardware for their data centers.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #117: SWATs on a plane

Why is Tampa’s mayor tweeting about blowing up the airport? Are hackers trying to connect with you via LinkedIn? And has Maria succeeded in her attempt to survive February without Facebook?

All this and much much more in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Plus, after last week’s discussion about the legal battle between Mondelez and Zurich Insurance, we have a chat with security veteran Martin Overton to take a deeper look into cyberinsurance.

Smashing Security #116: Stalking debtors, Facebook farce, and a cyber insurance snag

How would *you* track someone who owed you money? What was the colossal flaw Facebook left on its website for anyone to exploit and hijack accounts? And what excuse are insurance companies giving for not paying victims of the NotPetya malware millions of dollars?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University.

Twitter follow bots cut off from API, as accounts disabled for spreading misinformation from Iran and elsewhere

ManageFlitter, Statusbrew, and Crowdfire have had their access to the Twitter API revoked for allegedly helping users abuse the service, aggressively and repeatedly following and unfollowing large numbers of other accounts - a tactic frequently employed by Twitter spammers.

Meanwhile, Twitter and Facebook share details of the accounts they have shut down after finding they were spreading misinformation in the run-up to the US midterm elections.

Smashing Security #113: FaceTime, Facebook, faceplant

FaceTime bug allows callers to see and hear you *before* you answer the phone, Facebook’s Nick Clegg tries to convince us the social network is changing its ways, and IoT hacking is big in Japan.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes from AMTSO.

Smashing Security #112: Payroll scams, gold coin heists, web giants spanked

Business email compromise evolves to target your company’s payroll, how the world’s largest gold coin was stolen from a Berlin museum, and are internet giants feeling the heat yet over data security?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by people hacker Jenny Radcliffe.

Smashing Security #110: What? You can get paid to leave Facebook?

Twitter and the not-so-ethical hacking of celebrity accounts, study discovers how you can pay someone to quit Facebook for a year, and the millions of dollars you can make from uncovering software vulnerabilities.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Encryption Archives - Graham Cluley

Archive | Encryption

Smashing Security #120: Silk Road with Deliveroo

Online drug dealers get busted due to poor OPSEC! People are still failing to wipe their USB sticks properly! A potential presidential candidate is outed as a former hacker! Flat Earthers! Pi! Empathy!

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.


Smashing Security #088: PayPal’s Venmo app even makes your drug purchases public

Not one of Google’s 85,000 employees has had their accounts compromised by phishing in a year. How have they done it? Find out in this podcast.

Also, we discuss with special guest Scott Helme how websites still using HTTP are now marked as “not secure” by Google Chrome, and if you’re buying drugs via PayPal’s Venmo app you should say goodbye to privacy.

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by computer security veterans Graham Cluley and Carole Theriault.


Apple confirms it’s closing security loophole that police were using to crack iPhones

Yes, Apple is toughening up the security of iPhones with iOS 12. Yes, the steps Apple is taking will make it harder for law enforcement agencies to thwart iPhone security. But no, that’s not the reason Apple is doing it.

Read more in my article on the Tripwire State of Security blog.

Sponsor Archives - Graham Cluley

Archive | Sponsor

Why real-time intelligence matters for managing third-party risk

Many thanks to the great folks at Recorded Future, who have sponsored my writing for the last week.

As leading companies in every industry today are undergoing digital transformation, the lines are blurring between any one organization and its partners, suppliers, vendors, and other third parties.

In this new report, ESG examines how these business relationships can introduce new risks that need to be identified and managed “as if these third parties were part of the enterprise itself.”

Download your copy now of “Third-Party Risk: Why Real-Time Intelligence Matters”

About Recorded Future

Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. We empower organizations to reveal unknown threats before they impact business, and enable teams to respond to alerts 10 times faster. To supercharge the efforts of security teams, our technology automatically collects and analyzes intelligence from technical, open web, and dark web sources and aggregates customer-proprietary data.

Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies. 91 percent of the Fortune 100 use Recorded Future.



Learn how Starbucks combats credential stuffing & account takeover (ATO)

Many thanks to the great folks at Shape Security, who have sponsored my writing for the last week.

“These are not kids in mom’s basement attacking us.”

Nearly five million people around the globe buy Starbucks coffee from their mobile app every single day. Forty percent of those purchases are paid using Starbucks’ gift card/stored value system, making the app a ripe target for account takeover (ATO).

Starbucks was one of the first enterprises to identify the growing threat of credential stuffing and mass ATO attacks. The security team tried using WAFs and CDN-provided bot solutions, but found those methods were no match for ever-evolving attackers.

Watch Shape’s discussion with Starbucks to learn how the two companies partnered to help combat ATO and hear answers to questions including:

  • How have attackers evolved at Starbucks over the past three years?
  • How can we leverage a collective defense to turn the tide on attackers?
  • How does Starbucks balance security with user friction?

Learn more now!

Shape Security is defining a new future in which excellent cybersecurity not only stops attackers, but also reduces friction for good customers. Shape disrupts the economics of cybercrime by making it too expensive for attackers to commit online fraud, while also enabling enterprises to more easily transact with genuine customers.

The Shape platform, covered by 55 patents, stops the most dangerous application attacks enabled by bots and cybercriminal tools, including credential stuffing (account takeover), fake account creation, and unauthorized aggregation.



Unlock the power of threat intelligence with this practical guide. Get your free copy now

Many thanks to the great folks at Recorded Future, who have sponsored my writing for the last week.

At Recorded Future, we believe every security team can benefit from threat intelligence. That’s why we’ve published “The Threat Intelligence Handbook.”

It’s aimed at helping security professionals realize the advantages of threat intelligence by offering practical steps for applying threat intelligence in any organization.

For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you. This easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation’s defence against the latest cyber attacks.

Download your free copy now.

About Recorded Future

Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. We empower organizations to reveal unknown threats before they impact business, and enable teams to respond to alerts 10 times faster. To supercharge the efforts of security teams, our technology automatically collects and analyzes intelligence from technical, open web, and dark web sources and aggregates customer-proprietary data. Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies. 91 percent of the Fortune 100 use Recorded Future.



Digitize and automate your customer agreement process for financial transactions. Download this free OneSpan guide

Many thanks to the great folks at OneSpan, who have sponsored my writing for the last week.

More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.

OneSpan is now giving you the chance to download its Financial Agreement Automation RFP Guide for Account Opening, Digital Lending and Leasing Automation.

Trillions of dollars in financial transactions are processed each year. These include credit agreements, loans, new account openings, mortgages, pensions and annuities.

Today’s customer is looking for speed, ease and convenience. To meet these demands, financial institutions must offer fully digital experiences.

This guide is for financial institutions evaluating technology for agreement automation.

Agreement automation refers to the digitization of the customer agreement process for financial transactions – including application data validation, digital identity verification, agreement signing and storage, and audit trail capture.

This guide will assist you in:

  • Determining your agreement automation requirement
  • Deciding which stakeholders to involve in the RFP process
  • Developing RFP questions (14 pages of sample RFP questions provided)
  • Evaluating options for implementation

Download your copy of OneSpan’s guide now.



FIDO2: The Passwordless web is coming, says OneSpan

Many thanks to the great folks at OneSpan, who have sponsored my writing for the last week.

More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.

Often, the first hurdle in customer engagement is the login password. Not only is creating and managing passwords a major annoyance, the login password is also notoriously vulnerable to data breaches.

FIDO authentication solves this problem by replacing the traditional password with strong authentication options ranging from biometrics to software and hardware tokens.

In essence, FIDO authentication offers an interoperable and standardized ecosystem of authenticators for use with mobile and online applications. It enables organizations to deploy strong authentication for login and transaction validation, without the incremental cost of in-house development.

Recently, the FIDO Alliance (Fast Identity Online) announced the availability of its FIDO2 protocol. Read more on the OneSpan blog and discover:

  • What FIDO2 is
  • How it impacts the traditional login and password
  • Why financial institutions (FIs) should pay attention

To learn more, make sure to check out the full article on the OneSpan blog.



Take this short survey to assess your organization’s threat intelligence maturity

Many thanks to the great folks at Recorded Future, who have sponsored my writing for the last week.

Recorded Future believes that every security team can benefit from threat intelligence. That’s why it has launched its new Threat Intelligence Grader — so you can quickly assess your organization’s threat intelligence maturity and get best practices for improving it.

Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. It empowers organizations to reveal unknown threats before they impact business, and enables teams to respond to alerts 10 times faster.

To supercharge the efforts of security teams, Recorded Future’s technology automatically collects and analyzes intelligence from technical, open web, and dark web sources and aggregates customer-proprietary data. Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies.

91 percent of the Fortune 100 use Recorded Future.

Try out Recorded Future’s Threat Intelligence Grader for yourself now!



‘Recommendations To Enable PSD2-Compliant Transaction Monitoring’ white paper. Get your copy for free!

Many thanks to the great folks at OneSpan, who have sponsored my writing for the last week.

More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.

Did you know that under the Regulatory Technical Standards for PSD2 (also known as the Revised Payment Services Directive), transaction monitoring is now a requirement for all Payment Service Providers?

Download this new white paper from OneSpan, and discover recommendations to establish a compliant fraud prevention and risk analysis strategy. Topics covered include:

  • The specific requirements regarding mandatory transaction monitoring
  • Possible exemptions from Strong Customer Authentication requirements
  • Recommendations for a PSD2-compliant transaction monitoring solution

Download OneSpan’s free white paper now to learn more.



Considering Electronic Document Signing? Try OneSpan Sign Free For 30 Days

Many thanks to the great folks at OneSpan, who have sponsored my writing for the last week.

More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.

In today’s digital era, more and more organizations choose e-Signature technology as part of their digitization process.

OneSpan Sign is the white-labeled solution behind some of the most trusted brands and security-conscious organizations in the world. The last ten industry reports show that OneSpan Sign received the highest overall customer satisfaction score among e-signature products. 99% of users rated it four or five stars.

Try sending and e-signing documents now, free of charge, and discover how to:

  • Enhance user experience across all channels
  • Increase operational efficiency
  • Meet compliance challenges

Start e-signing in minutes on web and mobile, by signing up for an Unlimited 30-Day Trial now!



Cyber as a Business Enabler: Operationalizing Cyber Risk Analytics. Download free ebook sneak peek today

Many thanks to the great folks at Nehemiah Security, who have sponsored my writing for the last week.

Coming this fall, Nehemiah is releasing their newest ebook, “Cyber as a Business Enabler: Operationalizing Cyber Risk Analytics”. This introductory guide arms the modern day cybersecurity leader to put cyber risk into motion and transform cybersecurity operations into a business enabler.

Topics covered in this book include:

  • The end goal of cyber risk analytics
  • Where to gather the right data
  • Key stakeholders involved
  • What it takes to quantify cyber risks financially

Follow this link for a sneak peek into the content and to reserve your copy when the full book is released!



Free buyer’s guide to evaluating fraud detection & prevention tools

Many thanks to the great folks at OneSpan, who have sponsored my writing for the last week.

More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.

The fraud detection and prevention market offers a wide range of tools with a wide range of capabilities, but fraud is an ever-evolving threat. Not every tool can keep up with the new fraud schemes in play today.

Download this guide from OneSpan to gain expert insight on the essential capabilities you need in a fraud detection tool. From machine learning and an advanced rule engine to dynamic authentication flows, learn the nine key requirements to look for when comparing fraud solutions.

Inside, you’ll discover:

  • The nine capabilities you need to combat today’s fraud schemes
  • The value of a layered, context-aware online security approach to fraud detection
  • Why analyzing the mobile device itself is so crucial
  • How to explore the full potential of your data
  • How OneSpan’s Risk Analytics solution meets these requirements

Download OneSpan’s “Buyer’s Guide to Evaluating Fraud Detection & Prevention Tools”.



8 Industry Best Practices for a Successful Mobile First Strategy (eBook by OneSpan)

Many thanks to the great folks at OneSpan, who have sponsored my writing for the last week.

More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.

And you can now download OneSpan’s free eBook: “8 Industry Best Practices for a Successful Mobile First Strategy”.

Financial institutions strategically aim for customers to do more with mobile while minimizing fraud exposure tied to untrusted, high-risk devices. To enable growth in the mobile channel, financial institutions need to provide fast, convenient and frictionless high-value services delivered as securely and fraud-proof as possible. Building trust between the bank and the customer is priority one in achieving this goal.

Inside OneSpan’s eBook, you’ll discover how to:

  • Provide a frictionless experience
  • Measure risk on each mobile device
  • Combat social engineering and other threats
  • Simplify document signing
  • Log in quickly and securely
  • Adopt an Omni-channel approach
  • Be ready for regulation

Download now: “8 Industry Best Practices for a Successful Mobile First Strategy”.



Read OneSpan’s 8-page report on the top six e-Signature use cases in banking

Many thanks to the great folks at OneSpan, who have sponsored my writing for the last week.

More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.

OneSpan has produced a free report on the top six e‑signature use cases in banking. With it you can learn the most common starting points for e‑signatures, plus the top targets for expanding across the enterprise.

E-signatures are being used in all areas of the bank, from customer-facing transactions to B2B and internal processes.

Some banks start by introducing e-signatures as part of a branch transformation initiative. Others begin in the online channel with high volume, self-serve transactions.

As digitalization efforts mature, it is becoming common for organizations such as U.S. Bank, BMO (Bank of Montreal), RBC (Royal Bank of Canada) and even non-bank lenders like OneMain Financial to expand e-signature capability across all channels, lines of business, mobile apps and more.

OneSpan’s free paper offers guidance to banks of all sizes seeking to answer questions like:

  • What are the common challenges in going digital?
  • What are the latest e-signature adoption and technology trends in banking?
  • Where to start, and what is the best way to expand?

Download the OneSpan White Paper “Top e-Signature Use Cases in Banking” now.



Get FREE threat intelligence on hackers and exploits with the Recorded Future Cyber Daily

Many thanks to the great folks at Recorded Future, who have sponsored my writing for the last week.

Recorded Future provides deep, detailed insight into emerging threats by automatically collecting, analyzing, and organizing billions of data points from the Web.

And now, with its FREE Cyber Daily email, all IT security professionals can access information about the top trending threat indicators - helping you use threat intelligence to help make better decisions quickly and easily.

Which means that you will be able to benefit from a daily update of the following:

  • Information Security Headlines: Top trending news stories.
  • Top Targeted Industries: Companies targeted by cyber attacks, grouped by their industries.
  • Top Hackers: Organizations and people recognized as hackers by Recorded Future.
  • Top Exploited Vulnerabilities: Identified vulnerabilities with language indicating malcode activity. These language indicators range from security research (“reverse engineering,” “proof of concept”) to malicious exploitation (“exploited in the wild,” “weaponized”).
  • Top Vulnerabilities: Identified vulnerabilities that generated significant amounts of event reporting, useful for general vulnerability management.

Infosec professionals agree that the Cyber Daily is an essential tool:

“I look forward to the Cyber Daily update email every morning to start my day. It’s timely and exact, with a quick overview of emerging threats and vulnerabilities. For organizations looking to strengthen their security program with threat intelligence, Recorded Future’s Cyber Daily is the perfect first step that helps to prioritize security actions.” - Tom Doyle, CIO at EBI Consulting.

So, what are you waiting for?

Sign up for the Cyber Daily today, and starting tomorrow you’ll receive the top trending threat indicators.



Discover the State of Authentication and the Evolving Threat Landscape in this White Paper by OneSpan. Get your copy!

Many thanks to the great folks at OneSpan, who have sponsored my writing for the last week.

Banks and financial institutions find themselves trying to satisfy competing priorities.

Fraud continues to grow at an alarming pace and in sophistication year-over-year. Meanwhile, the consumer’s patience for additional layers of unnecessary security dwindles.

Banks are forced to decide between alienating their customers and leaving them vulnerable to attack. Intelligent adaptive authentication is a new approach to combatting fraud that solves this problem and achieves the twin goals of reducing fraud and delighting the customer.

Read this free white paper from OneSpan to learn:

  • How to equip your bank to better combat fraud through real-time risk analytics
  • Top solution requirements to look for, including open architecture, AI/machine learning, and advanced rule sets
  • The importance of authentication orchestration, risk analytics and mobile app security in achieving a fully optimized digital banking experience

Download the free “Superior User Experience and Growth Through Intelligent Security” white paper now.



Free eBook: If your friend was put in charge of a cyber budget, what advice would you give them?

Many thanks to the great folks at Nehemiah Security, who have sponsored my writing for the last week.

If your friend was put in charge of measuring cyber risk at a large company, what advice would you give them?

Nehemiah Security created this guide to advance the risk management conversation amongst cyber professionals.

Many would claim they are able to pinpoint technical cyber risks. But few would profess a high level of confidence that they always deploy their resources to the biggest risks facing the company. Fewer still would say they effectively communicate this to their board.

This eBook will change the way you approach and frame cyber risk conversations within your business.

Download the eBook today!



Looking for another great cyber podcast? CyberTangent is your new home with expert guests every episode

Many thanks to the great folks at Nehemiah Security, who have sponsored my writing for the last week.

Nehemiah Security’s “CyberTangent” is a podcast focused on topics like Security Risk Management, Cyber Risk Analytics, Malware Hunting, and more.

This specific episode of “CyberTangent” features our favorite guest, Graham Cluley himself! In this episode, we get to know Graham a little better, starting with how he got into the cybersecurity space and ending with his “love language.”

Start listening now to “CyberTangent”!


Operating Systems Archives - Graham Cluley

Archive | Operating Systems

Smashing Security #121: Hijacked motel rooms, ASUS PCs, and leaky apps

An app leaking private conversations and intimate photographs is ignoring requests to fix the problem, hackers poison a security update sent to ASUS PCs, and how to protect your privacy in motel rooms.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.


Smashing Security #115: Love, Nests, and is 2FA destroying the world?

Is two factor authentication such a pain in the rear end that it’s costing the economy millions? Do you feel safe having a Google Nest in your home? And don’t get caught by a catfisher this Valentine’s Day.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by B J Mendelson.


Smashing Security #095: British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked

Malicious script is being blamed for the British Airways hack, Trend Micro’s apps are booted out of the Mac App Store for snaffling private data, and Paul Manafort’s daughter wants Twitter to remove a link.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Emm of Kaspersky Lab.


Trend Micro apologises after Mac apps found scooping up users’ browser history

Trend Micro has confirmed reports that some of its Mac consumer products were silently sending users’ browser history to its servers, and apologised to customers for any “concern they might have felt.”

But apparently it’s the users’ fault anyway for not reading the EULA.


Apps that steal users’ browser histories kicked out of the Mac App store

Apple has removed “Adware Doctor” from the macOS App Store amid claims that the program was uploading browser histories to China. And it turns out that wasn’t the only popular app stealing users’ private information.

Read more in my article on the Tripwire State of Security blog.


Smashing Security #069: Cryptomining, China, and Bob Ross

How come Apple’s Mac App Store authorised a buggy app that mined for cryptocurrency in the background? How can a Mosquito attack steal data from an air-gapped computer? And is China keeping score on its social media-loving citizens?

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest John Hawes.


Windows 10 flaw allowed attackers to open malicious websites… even if your PC was locked

You may think your Windows 10 computer is locked, but is it really?

Israeli researchers have discovered a way of just using voice commands to make locked Windows 10 computers visit a website under the control of malicious hackers… and potentially install malware.

Read more in my article on the Hot for Security blog.

Microsoft Archives - Graham Cluley

Archive | Microsoft

Windows 10 flaw allowed attackers to open malicious websites… even if your PC was locked

You may think your Windows 10 computer is locked, but is it really?

Israeli researchers have discovered a way of just using voice commands to make locked Windows 10 computers visit a website under the control of malicious hackers… and potentially install malware.

Read more in my article on the Hot for Security blog.


Smashing Security #060: Meltdown, Spectre, and personal devices in the White House

The chips are down, as tech companies struggle to protect against the Meltdown and Spectre flaws. The White House is getting tough on leakers by banning personal devices from the West Wing. And someone has been embedding a Bitcoin wallet into their hand…

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David McClelland.

Smashing Security podcast #058: Face ID, Firefox, and Windows SNAFUs, plus Bitcoin FOMO

Is Face ID racist? Has Mr Robot infected your Firefox browser? Has Microsoft pushed a buggy password manager onto your Windows PC?

All this and much much more is discussed in the special first birthday edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by original co-host Vanja Švajcer.

#####EOF##### A PSA for twits on Twitter

A PSA for twits on Twitter

Surprise! If you tell Twitter you're under 13 years old, they'll lock your account.
               

A Twitter PSA for twits

It’s amazing that a public service announcement like this even has to be made:

We’ve noticed a prank trying to get people to change their Twitter birthday in their profile to 2007 to unlock new color schemes. Please don’t do this. You’ll get locked out for being under 13 years old.

— Twitter Support (@TwitterSupport) March 26, 2019

Twitter’s support team felt the need to warn users not to fall for a prank that told them Twitter’s user interface would offer them new colours if they told the service they were born in 2007, after a wave of users locked themselves out of their accounts.

Twitter, like many other services, doesn’t allow underage users to sign up for its site.

I don’t know what’s a poorer reflection on society - that people didn’t realise the implication of claiming they were 12 years old, or that they were lured by something as daft as a new colour scheme.

Twitters

Of course, some good might have come out of it if certain people had been locked out of their Twitter accounts.

Trump twit


2 Responses

  1. Etaoin Shrdlu

    March 28, 2019 at 11:59 am #

    Does every single news item have to be turned into a political rant? And always from the same perspective, too.

    • Graham Cluley in reply to Etaoin Shrdlu.

      March 28, 2019 at 12:03 pm #

      It was hardly a political rant. I was just quoting someone else’s tweet.

      And it *was* funny. I like to share a little humour from time to time, and we all know that Donald Trump likes a good joke. I’m sure he and his supporters can see the funny side.

      (If you want rants, you should see me get started on Brexit…)


#####EOF##### Blox - retro DOS Tetris-style game

Blox

I was studying at Bristol Polytechnic in 1990 when I first came across a game called Tetris. A friend had a version of the game for his PC, and I quickly recognised how addictive the game was, and that with so little movement on the screen it would be easy to write the game effectively in Pascal.

So I sat down at my computer and wrote a version of Tetris, which I called Blox. There were some differences from the regular version of Tetris - my quick play of Tetris hadn’t made me familiar with the scoring system and the tray into which pieces fell was possibly (I’m still not sure) wider than in the original game.

Blox

Unusually for a PC game, Blox plays in 40 column text mode. This was chosen for bolder more arcade-like graphics on the screen, whilst still remaining in speedy text mode.

In 1990/91 Blox became a firm favourite in the computer rooms of Bristol Polytechnic, and it wasn’t unusual to walk into a lab to find half a dozen people playing the game.

Blox "boss screen"

This in itself posed a problem - students wanted to play Blox because it was so addictive, but tutors were keen that they should be working instead.

The obvious answer was to hide that they were playing Blox, rather than working on a project. The computers in Bristol Poly’s computer labs came pre-installed with a spreadsheet program called VP-Planner.

So I added a “boss key” to Blox which would instantly pop up a bogus screen which pretended to be VP-Planner whenever the player pressed the ESC key.

However, it wasn’t enough to make the boss screen static. The disguise would be more convincing if students could enter fake data into the fake spreadsheet and move the cursor, all precisely replicating the basic behaviour of VP-Planner.

And so it came to be that Blox had probably one of the most sophisticated boss screens of any game of the era!

Towards the end of 1990 Blox made an appearance on the cover disk of What PC magazine.

Blox on What PC's cover disk

Blox and Bletchley Park

In 2009, a reader told me that my game Blox was on display at the National Museum of Computing at Bletchley Park.

Bletchley Park, of course, is the place where British World War II codebreakers managed to break the ciphers used by the German Enigma machines. It’s a great day out for anyone interested in computing.


Blox at Bletchley Park

I’m really rather proud of Blox being on display at Bletchley Park. :)

#####EOF##### Video Archives - Graham Cluley

Archive | Video

Smashing Security #004: ‘You don’t mess with Brian Krebs’

Join me and fellow computer security industry veterans Vanja Svajcer and Carole Theriault as we have another casual chat about whatever is on our minds.

This week: the Spora ransomware that offers you more than just your encrypted files back, Brian Krebs busts the alleged masterminds behind the Mirai botnet, and be careful that your IT staff aren’t the only ones who know your company’s passwords.

Oh, and we’re now a podcast as well as a video… :)

Smashing Security #003: ‘Alexa! Get me an axe!’

Join me and fellow computer security industry veterans Vanja Svajcer and Carole Theriault as we have another casual video chat about whatever is on our minds.

This week: Donald Trump and *that* secret dossier, MongoDB databases under attack, Microsoft employees suffering from PTSD, and Alexa buying doll houses.

Smashing Security #002: ‘Invest in carrier pigeons’

Join me and fellow computer security industry veterans Vanja Svajcer and Carole Theriault as we have another casual video chat about whatever is on our minds.

This week we discuss Donald Trump’s views on cybersecurity and his radical explanation of how to keep communications top secret, Ukrainian soldiers being spied upon by Android malware, and an artist who has devised a novel way of avoiding facial recognition technology.

Smashing Security #001: ‘One cup, two hotel guests’

Join me and fellow computer security industry veterans Vanja Svajcer and Carole Theriault as we start a live stream video to have a casual chat about whatever is on our minds.

This week we discuss the pains of providing tech support to family and friends, how writing down your passwords might actually sometimes be a good idea, and muse on cloud backup services.

#####EOF##### iOS Archives - Graham Cluley

Archive | iOS

Smashing Security #118: The ‘s’ in IoT stands for security

Twerking robot assistants, an app from Saudi Arabia that lets men track women, and a gnarly skiing security snarl-up!

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.

Smashing Security #115: Love, Nests, and is 2FA destroying the world?

Is two factor authentication such a pain in the rear end that it’s costing the economy millions? Do you feel safe having a Google Nest in your home? And don’t get caught by a catfisher this Valentine’s Day.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by B J Mendelson.

Smashing Security #113: FaceTime, Facebook, faceplant

FaceTime bug allows callers to see and hear you *before* you answer the phone, Facebook’s Nick Clegg tries to convince us the social network is changing its ways, and IoT hacking is big in Japan.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes from AMTSO.

#####EOF##### Google Plus Archives - Graham Cluley

Archive | Google Plus

#####EOF##### Jacaranda Jim - retro text adventure game. Free download

Jacaranda Jim

Free text adventure game by Graham Cluley

Rocket ship

Following an attack on his cargo-ship by an army of homicidal beechwood armchairs Jacaranda Jim is forced to crashland on the strange world of Ibberspleen IV. Rescued from the burning wreckage by the mysteriously smug Alan the Gribbley, Jim has to do battle with manic-depressive deckchair attendants, the Ibberspleen Post Office and a very sinister network of dank caves.

  • What is the secret of the floating sphere?
  • Why has Alan been hypnotised?
  • What would you do with a cucumber, a gin-spitting pirate and a piece of gristle? No, don’t answer that.

All this, and more, is revealed in Jacaranda Jim.


Free download of Jacaranda Jim text adventure game!

JACARANDA JIM Version 5.0

Requires DOS. File size: 93 KB (95,077 bytes). NOTE: If you have a modern version of Windows, it may not support 16-bit DOS programs. Some game players have reported having good results by using free DOS emulators like vDOS, DOSBox or Boxer.

Jacaranda Jim running in DOSBox

Another note: This version says it is still shareware. Trust me - Jim is now in the public domain and free. I don’t sell or support it any longer. See elsewhere on this page for more information.

You will need to decompress the file using an unzipping tool like those available from WinZip.


ONLINE HINTS

Hints and tips for Jacaranda Jim

Requires DOS or Windows. File size: 13 KB (13,599 bytes)

Originally “Jacaranda Jim” was a shareware game, which required players to register to get access to maps and online hints. In May 1997 I placed Jacaranda Jim in the public domain, so I have made publicly available the online hints. Unzip the file in the same directory as Jacaranda Jim to enable the hints facility. Whenever you get stuck during the game just enter “HINT” at the prompt.

You will need to decompress the file using an unzipping tool like those available from WinZip.


FULL SOLUTION

A step-by-step complete solution for Jacaranda Jim.

BEWARE! This file can seriously damage your enjoyment of the game. It’s much more fun to try and work out how to complete Jacaranda Jim on your own. You have been warned.


Background

Jacaranda Jim was first written in about 1987 whilst I was studying at Guildford College of Technology in the UK. Originally it was written on the PRIME minicomputer under the name “Derek the Troll” (Derek was the character who was eventually named Alan the Gribbley).

Derek was named after a lecturer who gave the accountancy module of the computer course I was taking - the lecturers didn’t take kindly to me lampooning a lecturer, and so Derek was renamed Alan the Gribbley (the “real” Alan was a mature student on the course with a ghastly beard who always carried a copy of PC Tools around with him). Of course, Alan the Gribbley still had sprinklings of accountancy about him - and can often be heard muttering the magic word “invoices”.

During my time at Guildford I was introduced to the IBM PC for the first time, and the game was ported (and further developed) on that platform.

I no longer sell or support Jacaranda Jim or my other adventure game, Humbug. I have placed both in the public domain - so feel free to play them as much as you like, and copy them here, there and everywhere.

You might like to point people to my website at https://www.grahamcluley.com too.

I hope you get as much fun from playing the games as I did writing them all those years ago.

P.S. You must remember that I wrote these games a very long time ago, and I don’t really remember the solutions. So it’s not usually worthwhile emailing me asking questions about them! :) Fortunately other people on the net have worked out the full solutions if you’re desperate.

#####EOF##### Java Archives - Graham Cluley

Archive | Java

Oracle ordered to admit it deceived users over Java security updates for years

You would probably like to imagine that if you have been religiously installing Java security updates over the years, you’ve been doing your bit to reduce the opportunities for hackers to exploit the software on your computers.

Well, it’s not quite as simple as that.

Read more on the Hot for Security blog.

YouTube ads spread banking malware

Security researchers at Bromium have discovered that hackers were spreading malware onto computers while unsuspecting users were watching YouTube videos.

The drive-by-download attack was distributed via adverts shown on the YouTube website, and used an exploit kit to infect Windows PCs with a version of the Caphaw banking Trojan.

#####EOF##### Feed only Archives - Graham Cluley

Sorry, no posts matched your criteria.

#####EOF##### LinkedIn Archives - Graham Cluley

Archive | LinkedIn

Smashing Security #117: SWATs on a plane

Why is Tampa’s mayor tweeting about blowing up the airport? Are hackers trying to connect with you via LinkedIn? And has Maria succeeded in her attempt to survive February without Facebook?

All this and much much more in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Plus, after last week’s discussion about the legal battle between Mondelez and Zurich Insurance, we have a chat with security veteran Martin Overton to take a deeper look into cyberinsurance.

IT security woman hits back at sexist trolls on LinkedIn

UK IT security firm Foursys writes:

Should we police or dictate how our employees dress? Should we only allow them to represent our brand if they have a specific body type or sense of style?

What about internet commenters or trolls? Is it ok for them to bombard our employees with abuse?

Foursys is asking these questions after Jayde, one of its sales executives, appeared in a harmless social media post on LinkedIn - celebrating that the firm now had 500 followers on the professional social network.

The response on LinkedIn was ghastly, with many offensive, derogatory and often sexual comments made towards Jayde.

Jayde, however, has stood up to the bullies - making her own brave video response where she details some of the abuse she received:

“For all of those who say that I know nothing about IT security: Shame on you. I know more than 99% of people you’d meet on the street. I can tell you what a denial-of-service attack is, how SQL injection works, and how to protect against ransomware. To be perfectly clear: Bullying and shaming people because of the way that they look or how they choose to dress is nasty, and I am not just going to take it - and neither should you.”

Hear hear.

I find it extraordinary that some people would make such hurtful and mean remarks… and particularly dumb that so many did so on LinkedIn, which details their real names, jobs and places of employment.

Seriously, the IT security world needs to grow up and stop thinking that women can be treated in such an appalling way.

Watch Jayde’s video response to the cyber-bullies on YouTube, and read more in Foursys’s blog post.

#####EOF##### Windows phone Archives - Graham Cluley

Archive | Windows phone

#####EOF##### Humbug - reviews of classic text adventure game

Reviews of Humbug


Humbug
Review by Sue Medley, SynTax, 1991

I know from personal experience that it isn’t easy to write an adventure game, but I’ve often thought that it must be several times harder to write one which is funny too. Trying to get the right balance of humour while juggling flags and counters and trying to ensure a good story and mix of puzzles at the same time seems an impossible task. But luckily there are a few people who have achieved the impossible and one of them is the author of Humbug and an equally funny game, Jacaranda Jim. One final point to ponder is that he’s programmed both games from scratch too! Makes you feel ‘umble, doesn’t it…

Anyway, back to Humbug itself.

The title comes from the fact that, once again, you’ve been sent to boring old Attervist Manor to spend the school holidays with Grandad - and this is the Christmas holiday. The old codger is a bit of a trouble-maker so the idea is that you’re supposed to keep him out of mischief. Fat chance! When you enter the Manor, after being dropped off by a cab, you find him fast asleep in his chair, clutching a document from his neighbour’s solicitor.

It seems that Grandad is in a bit of a spot financially and his neighbour, Jasper Slake, has offered to settle his debts for him in exchange for ownership of the Manor - what a nerve! Gramps must think so too ‘cos he’s written a rather rude word on the document; he obviously doesn’t fancy the idea suggested in it that he goes into an Old Folks’ Home.

Slake thinks Grandad is crazy too, partly because he says there’s treasure hidden in the grounds of the Manor. Well, Slake could be right - after all, Grandad idolises Napoleon Bonaparte and dresses just like him! On the other hand, if he isn’t crazy and there IS treasure somewhere about and you could find it, it’d solve all the old boy’s problems. Plus it would give you something to do in this awful weather…

Whereas Jacaranda Jim was a really fun game to play, Humbug is even larger and more amusing with lots of weird objects to collect and wonder what to use them for and the house is riddled with strange chutes which lead … who knows where.

There are several creatures around the Manor and its grounds too; a bear cub searches for food in the woods, an owl sits in the attic, a hedgehog hibernates by the boiler while an aardvark in a suit sleeps on top of a washing machine and a wumpus (eh?) is trapped in a perspex tube. Can you get it out without sending the poor thing into orbit? I especially liked Grandad’s cat, Schrodinger, who wanders from room to room. You can play a game called Wubble-a-Gloop with a games-crazy octopus too, if you’ve got the nerve and can work out how to beat him.

The human NPCs are equally realistic, from Grandad’s gardener, Horace, who will foil any attempts you make to map a large maze in the garden by collecting any objects you drop and putting them in his dustbin, to several Vikings (one of whom wears a Marks and Sparks coat and carries a Filofax), a gravedigger and a barman. You’ll meet the last two characters once you use Grandad’s wonderful invention - a time machine, which will take you back to the Attervist Manor of Victorian times.

Grandad has invented other items apart from the time machine. His speciality seems to be robots which have been constructed from the odds and sods that anyone else would throw away; milk bottle tops, pipe cleaners, old treacle jars and the like. You’ll find several of these on your travels. The best one, though, has got to be Kevin, the clockwork shark. Just read this description, taken from the game:

    “I am in the pantry. It is a small, dark room - the only source of light being a barred oval window built close to the ceiling in the west wall. A definite niff of seaweed wafts around the shelves. Small mountains of marzipan and icing sugar are liberally scattered across the dark stone floor. There is a movement from behind one of the taller mounds of marzipan and a shark totters around on his hind fins. The shark smiles benignly at me, “Hello, my little poppet”. The shark paternally pats me on the head with a damp flipper and flamboyantly places a small caddy on one of the pantry shelves. The shark smiles at me again and waggles his eyebrows in anticipation of my response.”

Sue Medley, SynTax



Humbug
Review by Crispin Boylan, SPAG, 1997

This game has been around for years, and is one of the more popular interactive fiction titles in Britain, and was, until recently, a shareware title which had to be registered (with the registered version you got a solution to the maze which was otherwise unsolvable, and you could also save and load games to disk). Times they are a changin’ however, and now the game has been released into the public domain due to the author not having enough time to sell or support the game anymore. Cluley has actually produced this game without the aid of any of the text adventure creation languages, a huge feat for a game this size!

Anyway that’s the history out of the way, now to get to the meat of this review, the game itself. It all opens with you, Sidney Widdershins, arriving at your senile old grandad’s estate for a short stay during the Christmas Holidays. You planned to explore the old windmill in the grounds of Attervist Manor, but as you arrive you realise that something is amiss, especially when Grandad does not appear to be around!

Closer inspection of the house reveals grandad sleeping in his armchair, seemingly unwakeable, he has a rather interesting document in his possession, a legal document asking for grandad to hand over the manor to his new neighbour, Jasper Slake, who will take proper care of the manor.

It seems that the old fool is broke, and has let the manor fall into a state of disrepair, and his mutterings to Jasper of secret treasure hidden in the grounds of the manor, and the ‘wild woman of the hills’ have done nothing to prove his mental stability!

Grandad and Slake are bitter enemies, only recently, the letter explains, did Grandad plant a scale model of the Champs-Élysées in Slake’s garden! So, on discovering this news it is still unclear as to your mission, do you have to find the treasure? or maybe stop Slake?

This is one of the best points of the game, you are constantly fed with small snippets of the plot, which is consistent, and of good quality.

There is one major feature of this game which makes it stick out from the rest, it is completely weird and surreal, you only have to look at the NPCs to see this, Kevin, a clockwork shark, built by Grandad as his contribution to the war effort; Sven, the viking, whose ship has been caught in the manor’s lake as it froze; and Horace the groundsman, who travels round the maze collecting any ‘litter’ in the form of objects, that you may have deposited, he also only talks to vegetables!

Some of the NPCs are better than others, but all are likeable, apart from the villain, Jasper, of course. The NPCs, on the whole are not too talkative, but then again they really don’t need to be.

This game has a maximum score of 2000 points, so you can expect quite a few puzzles in this little gem, most of which are quite logical, but there are some very hard puzzles which you really have to think about.

The game also has a bit of organisation needed, you must do the puzzles in a certain order or you won’t be able to complete others, this is a bit annoying, but it is quite obvious, and easy to get around. To get the final few points you have to do a bit of verb searching, for example typing ‘PRAY’, earns the response ‘A voice from below shouts, “I don’t know how you’ve got the nerve!”’ and earns you 10 points, but does little else, my top score is 1920, so I still have to get those last few!

There are over 200 objects and 100 locations in this game, so it’s pretty big, and the locations are varied, and when I say that I mean Varied with a capital V, there are such bizarre locations as an alien bar, a trip back in time, a fairie’s den, a junk yard, a bus stop, and all of this takes place in the manor’s cellars!!

The parser’s vocabulary is pretty extensive, but it doesn’t stretch to multiple commands in the same sentence, still I like it.

This game is very funny, you can’t help but laugh at some of the jokes that examining some objects brings up, and the whole thing is just so surreal! The atmosphere is very good and you can just imagine being there, the writing is on the whole very detailed and descriptive.

As a player with a bit of experience (I haven’t completed all the Infocom games, but I’ve played through a few) I found this game hard (I desperately needed the on-line hints), but very rewarding, just wait until you see the ending, it’s brilliantly funny, and you’ll never guess it!!!!

This is a great game, download it now.

Crispin Boylan, SPAG



Humbug: “Quiet Eccentricity”
By Theo Clarke, Strategy Plus, 1991

My collection is crowded with adventures set in gothic mansions with extensive grounds, absurdly convoluted catacombs and a maze of twisty little passages all the same. I suspect that Graham Cluley’s collection is much the same. Humbug is the most entertaining text adventure that I have played since Infocom’s Hitchhiker’s Guide to the Galaxy back in 1984. It is crowded with wit and challenging puzzles that open up to logical approaches.

Sidney Widdershins is spending a few days of the Christmas holiday at Attervist Manor, the home of his eccentric inventor Grandad. Grandad’s neighbour, Jasper Slake, wants to buy the Manor and has suggested that the old man is more than merely eccentric. Given that Grandad dresses as Napoleon and claims that there is a treasure to be found in the old house, Jasper could be right.

Grandad is heavily in debt but he is a successful inventor. There is a time machine in the cellar and some very odd robots turn up in the most unlikely places. Perhaps there really is some hidden treasure and Sidney may be able to sort things out if he can only find the loot.

Attervist Manor and its grounds contain about a hundred rooms and over two hundred different items. The parser is robust and refreshingly obvious. Actions involve simple phrases and there appear to be no cases of the thesaurus-driven puzzle that can be the adventurer’s bane. The logic of the game is inescapable; find a chimpanzee and you know that there will be a banana somewhere with which to bribe him. When the links are not obvious it is possible to pick up further clues by questioning the rather curious characters that populate the game.

Quiet absurdity is the core of this adventure. There is Kevin, a camp robot shark built by Grandad. There is a Nim-playing octopus and a Viking carrying a filofax. All of this daftness is tied together with an internal logic that seduces the player into Cluley’s world.

The game achieves the optimum balance of challenge, charm, silliness and sophistication. There are all manner of knowing jokes about the nature of adventure games. For example, when Sidney enters a crypt he sees something trapped in a tube. Closer inspection reveals

    “a cuddly wumpus, a small round ball of a creature covered in soft pink fur. Over the years the wumpus species has suffered more than most. Misguided adventurers have been led to believe that wumpi are large fang-ridden creatures with a taste for human blood, and that Hunt the Wumpus is an honourable pastime. The truth couldn’t be more different: the wumpus is a timid creature who prefers an evening in with a good book and Mozart on the hi-fi to mayhem and slaughter.”

Current wisdom is that people don’t want to use a keyboard to play games. The same pundits claim that successful games have graphics. This has led to clumsy marriages of pictures to text adventures and to the sophisticated animated adventures from Sierra and their competitors. But there are some forms of humour that rely on words alone and Humbug makes the most of this.

If you don’t like puzzles you won’t like adventure games but there can be few PC gamers out there who won’t get their money’s worth.

Theo Clarke, Strategy Plus



Humbug
Review by Alex Freeman, SPAG, 2001

In this game, you are Sidney Widdershins and have been sent to Granddad’s for the winter holidays. When you arrive there after being deposited by a taxi and get in, you find that Granddad is asleep and is holding a document. When you read it, you find that Granddad’s neighbor, Jasper, has offered to buy Granddad’s home, Attervist Manor, since Granddad is so deeply in debt. Granddad claims that there is hidden treasure in the grounds of the manor, but Jasper apparently thinks he is nuts. Granddad thinks lowly of Jasper and has written a rude word on the document (not shown in the game). However, if Granddad is not nuts and if there really is hidden treasure, you could help him get out of debt.

The atmosphere is unique and quite odd. For instance, there is a Viking called Sven whose boat has been caught in the frozen lake nearby the manor. There are also a bar, a hacker, and an octopus underneath the manor. The game also does not always make sense. For instance, what is a giant slug doing in the manor? But, eh, who cares? It makes the game interesting.

There are other interesting places you can explore, such as the forest maze and the manor back in the Victorian times (via time machine).

The NPCs are fairly well developed. You can get to know them better by asking them questions in the format “ask character about subject”. Obviously, the characters can’t have a special response for everything, so when you ask a character about something or someone he doesn’t know (e.g. asking someone who lives in the Victorian times about someone who lives in modern times) the character has a special response to indicate that he doesn’t know anything about what you’ve asked. One of my favorite responses is the one you get when you ask Horace the gardener about something he doesn’t know:


    Horace looks suspiciously at me, but remains silent. I am not sure it is in his terms of employment to actually communicate with sentient life forms. Herbs and vegetables he can cope with, but people give him problems.

Another interesting NPC is Kevin the clockwork shark, who is one of Granddad’s many inventions and was made by him during WWII. You get this description of him upon entering the pantry for the first time:


    I am in the pantry. It is a small, dark room - the only source of light being a barred oval window built close to the ceiling in the west wall. A definite niff of seaweed wafts around the shelves. Small mountains of marzipan and icing sugar are liberally scattered across the damp stone floor. There is a movement from behind one of the taller mounds of marzipan and a shark totters around on his hind fins. The shark smiles benignly at me, “Hello my little sugar-plum.” The shark paternally pats me on the head with a damp flipper, flamboyantly places a small caddy on one of the pantry shelves. The shark smiles at me again, and waggles his eyebrows in anticipation of my response.

There are many other NPCs, such as a Victorian grave digger, Alex the hacker, Jasper, and, of course, Granddad.

As you’ve probably noticed, the writing is quite descriptive. It’s also quite humorous. In fact, my wildcard points are for the humour in the game. You also get funny responses if you try to do silly actions. For instance, typing DRINK PETROL gives you the response “Heh, heh. I think not.” You even get 10 points for it! My only complaint about it is that it contains a few minor punctuation errors (as you might have noticed).

The parser is very good. It can understand fairly sophisticated sentences and is easy to use, but it doesn’t do some fancy stuff like recognizing multiple sentences (not that I would type multiple sentences if I could, but still).

However, this game has one serious flaw. Most of the puzzles are either too easy or too hard. For instance, I find a banana and later I find a chimp. Gee, I wonder what to do next. That one is, of course, an example of a puzzle that’s too easy. A puzzle that is too hard is how you’re supposed to put out the fire underneath the manor. I don’t know how anyone is supposed to figure that puzzle out! It is quite illogical. The hint system partially solves this problem, and it is quite good, but it is no substitute for good puzzles. The only problem with it is if you can’t solve a puzzle because you haven’t solved another puzzle, it won’t tell you that. Instead it gives a hint or the solution (it depends on which you choose) of the puzzle whose solution you have requested. I ended up getting solutions to puzzles I probably could have solved on my own in this way because I didn’t realize that it wasn’t the puzzle I was currently trying to solve that was the problem but some other one.

However, don’t get me wrong. Not all the puzzles are bad. In fact, almost half are quite good. It’s just that there should have been more good ones.

I also managed to find one bug in the game. In Humbug, you can EXAMINE objects, or you can LOOK at them in order to get descriptions. You can abbreviate EXAMINE with x and LOOK with l. I am more used to LOOKing at objects than I am to EXAMINing them, so I used the abbreviation l. This abbreviation worked on all the objects on which I tried it out EXCEPT one. During the game, I decided to look at my hair because I thought maybe that would help me solve a puzzle (I won’t say how). When I typed “l hair”, the game didn’t seem to understand the command. I later used the hint system to get the solution to the puzzle that involved my hair. I wondered how I could have solved that puzzle since I figured that I couldn’t look at my hair. However, when I looked at a written solution for Humbug, I found out that you’re supposed to type “x hair”. The hair, apparently, is the only object at which you can’t LOOK but still can EXAMINE, which isn’t supposed to be the case for any of the objects. This bug effectively prevented me from solving an important puzzle in the game.

Anyhow, the plot in Humbug is wonderful! I’d say it’s the best part of the game! You are given bits of the story as the game progresses, and there’s one major plot twist! The ending is spectacular and was really fun to read!

Overall, Humbug is a good game and is worth playing. Just be prepared for some illogical puzzles here and there. It could have been an excellent game if the puzzles had been better.

Atmosphere: 1.8
Gameplay: 1.5
Writing: 1.8
Plot: 2.0
Humour: 1.6
Total: 8.7
Characters: 1.5
Puzzles: .8

Alex Freeman, SPAG



#####EOF##### Podcasts | Graham Cluley

Podcasts

Smashing Security

Every week (normally Thursday) I appear on the “Smashing Security” podcast with Carole Theriault and a variety of special guests.

If you want to listen in to three veterans of the computer security industry gabbing off about whatever is on our minds, you should really tune in.

And if you enjoy what you hear, please subscribe in Apple Podcasts and leave a review (other podcast apps are available).


#####EOF##### Mobile Archives - Graham Cluley

Archive | Mobile

Smashing Security #118: The ‘s’ in IoT stands for security

Twerking robot assistants, an app from Saudi Arabia that lets men track women, and a gnarly skiing security snarl-up!

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.

Smashing Security #116: Stalking debtors, Facebook farce, and a cyber insurance snag

How would *you* track someone who owed you money? What was the colossal flaw Facebook left on its website for anyone to exploit and hijack accounts? And what excuse are insurance companies giving for not paying victims of the NotPetya malware millions of dollars?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University.

Smashing Security #115: Love, Nests, and is 2FA destroying the world?

Is two factor authentication such a pain in the rear end that it’s costing the economy millions? Do you feel safe having a Google Nest in your home? And don’t get caught by a catfisher this Valentine’s Day.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by B J Mendelson.

Smashing Security #114: Darknet Diaries, death, and beauty apps

Jack Rhysider from the “Darknet Diaries” podcast joins us to chat about his interview with the elusive Hacker Giraffe, how a death is preventing cryptocurrency investors from reaching their money, and how ‘beauty camera’ apps are redirecting users to phishing websites and stealing their selfies.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.

Smashing Security #113: FaceTime, Facebook, faceplant

FaceTime bug allows callers to see and hear you *before* you answer the phone, Facebook’s Nick Clegg tries to convince us the social network is changing its ways, and IoT hacking is big in Japan.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes from AMTSO.

#####EOF##### Vulnerability Archives - Graham Cluley

Archive | Vulnerability

Smashing Security #122: The big fat con at Office Depot

Office Depot and OfficeMax are fined millions for tricking customers into thinking their computers were infected with malware, car alarms can make your vehicle less secure, and facial recognition in apartment blocks comes under the microscope.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire’s Dave Bittner.

Online training site says it is spamming insecure printers with adverts

Online training site Skillbox says that it has come up with an imaginative way to reach out to potential clients, and invite them to change their careers from being accountants and become graphical designers instead.

The Russian firm’s idea? To send a spam message to thousands of printers left open to the internet.

Is this really happening again?

Smashing Security #118: The ‘s’ in IoT stands for security

Twerking robot assistants, an app from Saudi Arabia that lets men track women, and a gnarly skiing security snarl-up!

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.

Smashing Security #116: Stalking debtors, Facebook farce, and a cyber insurance snag

How would *you* track someone who owed you money? What was the colossal flaw Facebook left on its website for anyone to exploit and hijack accounts? And what excuse are insurance companies giving for not paying victims of the NotPetya malware millions of dollars?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University.

VFEmail suffers ‘catastrophic’ attack, as hacker wipes email service’s primary and backup data

There will be many angry customers of VFEmail who will be distraught at the thought that years’ worth of irreplaceable personal and business correspondence may have been wiped out. It’s understandable that some might turn their fury towards VFEmail.

But VFEmail is a victim too.

Smashing Security #114: Darknet Diaries, death, and beauty apps

Jack Rhysider from the “Darknet Diaries” podcast joins us to chat about his interview with the elusive Hacker Giraffe, how a death is preventing cryptocurrency investors from reaching their money, and how ‘beauty camera’ apps are redirecting users to phishing websites and stealing their selfies.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.

Smashing Security #113: FaceTime, Facebook, faceplant

FaceTime bug allows callers to see and hear you *before* you answer the phone, Facebook’s Nick Clegg tries to convince us the social network is changing its ways, and IoT hacking is big in Japan.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes from AMTSO.

#####EOF##### Yahoo Archives - Graham Cluley

Archive | Yahoo

US charges Russian FSB officials in connection with massive Yahoo security breach

The United States has charged four men, including two officials of Russia’s FSB intelligence agency, in connection with a hacking attack against Yahoo that saw the details of 500 million users stolen and the use of forged cookies to break into accounts.

Read more in my article on the We Live Security blog.

#####EOF##### Data loss Archives - Graham Cluley

Archive | Data loss

Smashing Security #121: Hijacked motel rooms, ASUS PCs, and leaky apps

An app leaking private conversations and intimate photographs is ignoring requests to fix the problem, hackers poison a security update sent to ASUS PCs, and how to protect your privacy in motel rooms.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Smashing Security #120: Silk Road with Deliveroo

Online drug dealers get busted due to poor OPSEC! People are still failing to wipe their USB sticks properly! A potential presidential candidate is outed as a former hacker! Flat Earthers! Pi! Empathy!

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

VFEmail suffers ‘catastrophic’ attack, as hacker wipes email service’s primary and backup data

There will be many angry customers of VFEmail who will be distraught at the thought that years’ worth of irreplaceable personal and business correspondence may have been wiped out. It’s understandable that some might turn their fury towards VFEmail.

But VFEmail is a victim too.

#####EOF##### Terrorist's manifesto used to spread disk-wiping malware

Terrorist’s manifesto used to spread disk-wiping malware

Be careful what you download...
               

The world was horrified earlier this month by the mass-shootings of worshippers at mosques in Christchurch, New Zealand.

The alleged culprit reportedly distributed a 73-page so-called manifesto entitled “The Great Replacement”, chockablock with white supremacist rhetoric.

The document was circulated on forums and social media websites, and - in an attempt to prevent its spread - New Zealand’s government classified it as “objectionable”, and made it a crime to possess or distribute it anywhere in the country.

Well, if you needed any other reason not to hunt the internet for a copy of “The Great Replacement” to download, here’s one from the research team at security firm Blue Hexagon.

As researcher Irfan Asrar describes, someone has taken a copy of the shooter’s Word document and weaponised it to download malicious code from the internet.

Anyone opening the modified manifesto could find their computer’s Master Boot Record (MBR) destructively overwritten, and as their Windows computer reboots they’ll be faced with a message:

This is not us!


In many ways it’s a throwback to the early days of malware, when some viruses would overwrite a PC’s boot-up code and display messages such as “Your computer is now stoned!”. And yes, virus historians, I’m well aware that the Stoned virus was also known as New Zealand…

This new malware hasn’t been created to grant remote hackers access to an infected PC, nor to steal files, or hold the victim to ransom. My guess is that whoever created the malware-laden version of the document was outraged by the horror of the shooting of innocent people, and simply wanted to bloody the nose of anyone showing an unhealthy interest in it.


6 Responses

  1. Smashdamn

    March 29, 2019 at 9:48 pm #

    Lol thanks for the warning deleted the file and got the pastebin version instead.

  2. Drew Lewis

    March 30, 2019 at 3:00 pm #

    Wow, for a “security” website you sure have no idea what you are talking about. Just another garbage clickbait site to avoid.

    Disk-wiping? That’s not a stretch it’s a blatant lie or the ramblings of a confused old man.

    Either way it shows everything on this site is misinformation.

    • Graham Cluley in reply to Drew Lewis.

      March 30, 2019 at 3:23 pm #

      It overwrites the MBR. So yeah, it doesn’t wipe the entire hard drive.

      • Ian Moone in reply to Graham Cluley.

        March 31, 2019 at 8:34 am #

        MBR is only 512mb so far from an entire hard drive. It’s like 1 grain of sand from a bag of sand. But a pain on the bum for someone who’s not tech savvy to fix.

        • Graham Cluley in reply to Ian Moone.

          April 3, 2019 at 7:06 pm #

          I remember in the old days some folks would reformat their hard drives when they discovered they had been infected by an MBR virus like Stoned - not realising that they had just wiped all of their hard drive, *apart* from the virus. Oops!

  3. Dave

    March 31, 2019 at 3:43 am #

    This is awesome, shame just wipes the MBR. As a previous cretin has pointed out, it won’t stop people reading it, but it might put a few people off.


#####EOF##### Adobe Flash Archives - Graham Cluley

Archive | Adobe Flash

#####EOF##### Smashing Security podcast: "Hijacked motel rooms, ASUS PCs, and leaky apps"

Smashing Security #121: Hijacked motel rooms, ASUS PCs, and leaky apps

Industry veterans, chatting about computer security and online privacy.
               

An app leaking private conversations and intimate photographs is ignoring requests to fix the problem, hackers poison a security update sent to ASUS PCs, and how to protect your privacy in motel rooms.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.


Hosts:

Graham Cluley - @gcluley
Carole Theriault - @caroletheriault

Guest:

Maria Varmazis - @mvarmazis

Show notes:

Sponsor: Mimecast

Grab your FREE Cybersecurity Awareness Training Kit from Mimecast, and share it throughout your company. Give your employees the information they need to make the best cybersecurity decisions.

Get your free kit at smashingsecurity.com/mimecast

Follow the show:

Follow the show on Twitter at @SmashinSecurity, on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.


One Response

  1. mark jacobs

    March 29, 2019 at 2:11 pm #

    Crazy and very funny! Thanks guys!


#####EOF##### Apple Archives - Graham Cluley

Archive | Apple

Smashing Security #115: Love, Nests, and is 2FA destroying the world?

Is two factor authentication such a pain in the rear end that it’s costing the economy millions? Do you feel safe having a Google Nest in your home? And don’t get caught by a catfisher this Valentine’s Day.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by B J Mendelson.

Smashing Security #113: FaceTime, Facebook, faceplant

FaceTime bug allows callers to see and hear you *before* you answer the phone, Facebook’s Nick Clegg tries to convince us the social network is changing its ways, and IoT hacking is big in Japan.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes from AMTSO.

Smashing Security #103: An Instagram nightmare, crazy iPhone deaths, and election hack claims

One travel blogger finds you don’t have to be Kylie Jenner to be targeted by an Instagram hacker. When 40 iPhones at a hospital mysteriously die, what could be the explanation? And, surprise surprise, political parties in the USA are throwing around hacking accusations.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Naked Security’s Mark Stockley.

China accused of sabotaging thousands of servers at major US companies with tiny microchips hidden on motherboards

An extraordinary report released by Bloomberg BusinessWeek claims that China has been exploiting the supply chain, planting a tiny microchip on servers which ended up in the server rooms of almost 30 companies, including the likes of Apple and Amazon.

#####EOF##### Apple Safari Archives - Graham Cluley

Archive | Apple Safari

Adobe Flash zero day vulnerability exploited by hackers to infect IE and Firefox users

Adobe has warned that online criminals are attacking Internet Explorer and Firefox users via an as-yet-unpatched zero day vulnerability in Adobe Flash.

Do you know how to enable Click to Play in your browser to protect yourself?

#####EOF##### Malware Archives - Graham Cluley

Archive | Malware

Smashing Security #122: The big fat con at Office Depot

Office Depot and OfficeMax are fined millions for tricking customers into thinking their computers were infected with malware, car alarms can make your vehicle less secure, and facial recognition in apartment blocks comes under the microscope.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire’s Dave Bittner.

Smashing Security #121: Hijacked motel rooms, ASUS PCs, and leaky apps

An app leaking private conversations and intimate photographs is ignoring requests to fix the problem, hackers poison a security update sent to ASUS PCs, and how to protect your privacy in motel rooms.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Asus pushes out urgent security update after its own automatic Live Update tool was hacked

Taiwan-based technology giant Asus is advising concerned customers to run a newly-created diagnostic tool on their Windows computers after hackers pushed out malware to what some security researchers have estimated to be as many as one million PCs using Asus’s own Live Update software tool.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #120: Silk Road with Deliveroo

Online drug dealers get busted due to poor OPSEC! People are still failing to wipe their USB sticks properly! A potential presidential candidate is outed as a former hacker! Flat Earthers! Pi! Empathy!

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

Smashing Security #119: Hijacked homes, porn passports, and ransomware regret

A $150 million mansion is hijacked online, Brits will soon have to scan their passport to watch internet porn, and are organisations right to pay up when hit by ransomware?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology broadcaster David McClelland.

Smashing Security #117: SWATs on a plane

Why is Tampa’s mayor tweeting about blowing up the airport? Are hackers trying to connect with you via LinkedIn? And has Maria succeeded in her attempt to survive February without Facebook?

All this and much much more in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Plus, after last week’s discussion about the legal battle between Mondelez and Zurich Insurance, we have a chat with security veteran Martin Overton to take a deeper look into cyberinsurance.

#####EOF##### BlackBerry Archives - Graham Cluley

Archive | BlackBerry

BlackBerry believes in encryption backdoors - thinks it’s good for business

BlackBerry and its rivals couldn’t be further apart, it seems, with the company telling federal conference delegates that it is a strong believer in providing law enforcement agencies with methods to lawfully intercept communications.

Read more in my article on the Bitdefender Business Insights blog.

BlackBerry warns of TIFF vulnerability that could allow malware to run on enterprise servers

Malicious hackers could create a boobytrapped TIFF image file and either trick a BlackBerry smartphone user into visiting a webpage carrying the image, or embed the malicious image directly into an email or instant message…

…and plant malware on your enterprise server.

Mobile phone theft on the rise - here’s how to protect your data for free

Research released today has revealed that the theft of mobile phones is on the rise.

This isn’t just about losing an expensive phone - there’s also the threat of losing your data and money.

Learn how to better protect your phone.

#####EOF##### Security threats Archives - Graham Cluley

Archive | Security threats

Smashing Security #122: The big fat con at Office Depot

Office Depot and OfficeMax are fined millions for tricking customers into thinking their computers were infected with malware, car alarms can make your vehicle less secure, and facial recognition in apartment blocks comes under the microscope.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire’s Dave Bittner.

Smashing Security #121: Hijacked motel rooms, ASUS PCs, and leaky apps

An app leaking private conversations and intimate photographs is ignoring requests to fix the problem, hackers poison a security update sent to ASUS PCs, and how to protect your privacy in motel rooms.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Asus pushes out urgent security update after its own automatic Live Update tool was hacked

Taiwan-based technology giant Asus is advising concerned customers to run a newly-created diagnostic tool on their Windows computers after hackers pushed out malware to what some security researchers have estimated to be as many as one million PCs using Asus’s own Live Update software tool.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #120: Silk Road with Deliveroo

Online drug dealers get busted due to poor OPSEC! People are still failing to wipe their USB sticks properly! A potential presidential candidate is outed as a former hacker! Flat Earthers! Pi! Empathy!

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

Online training site says it is spamming insecure printers with adverts

Online training site Skillbox says that it has come up with an imaginative way to reach out to potential clients, and invite them to change their careers from being accountants and become graphical designers instead.

The Russian firm’s idea? To send a spam message to thousands of printers left open to the internet.

Is this really happening again?

Smashing Security #119: Hijacked homes, porn passports, and ransomware regret

A $150 million mansion is hijacked online, Brits will soon have to scan their passport to watch internet porn, and are organisations right to pay up when hit by ransomware?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology broadcaster David McClelland.

#####EOF##### 540 million Facebook users left exposed due to sloppy third-party developer security

540 million Facebook users left exposed due to sloppy third-party developer security

Data was accessible on Amazon cloud servers, with no password protection.
               


What’s going on?
Bloomberg is reporting that security researchers have discovered a huge amount of data containing information about millions of Facebook users, left available for anyone to access - no password required.

So it’s another Facebook screw-up?
Well, it’s not quite as simple as that. You see, the data - which ended up on unsecured Amazon S3 buckets - was put there by third parties, whose apps integrated with Facebook. In short, Facebook allowed them to have access to the data, but then the third parties were careless with it.

What third-party companies are these?
According to UpGuard, who first discovered the exposed datasets, 540 million of the records come from a Mexican media company called Cultura Colectiva. In addition, a much smaller collection of data originated from a now-defunct company that built a Facebook-integrated app called “At the Pool.”

What data was left on the unsecured Amazon S3 servers?
The massive Cultura Colectiva batch of records contained Facebook users’ names, comments, likes, relationships, and interactions.

In the case of “At the Pool,” the exposed information included details scraped from Facebook accounts including names, email addresses, Facebook IDs, photos, check-ins, friend lists, interests, and other details.

540 million. That sounds like an awful lot of Facebook records to scrape.
Yes, it is. Especially when you remember it’s just a year since Facebook admitted that as many as 87 million people had had their details improperly shared with Cambridge Analytica.

So, what you’re saying is that the risk is not just sharing data with Facebook, but not having control over what happens to data once you’ve shared it with Facebook?
Exactly.

There are a myriad of third parties out there grabbing information via Facebook-integrated apps, and you have no way of knowing how well they are securing your data or - in many cases - what they might have taken at all.

Presumably this exposed data has been taken offline now, though?
The smaller “At the Pool” data was actually taken offline before the researchers informed them of the problem.

But the story isn’t so good when it comes to the much, much larger Cultura Colectiva treasure trove of data. UpGuard first informed Cultura Colectiva on January 10, 2019 about the problem, but heard nothing back. It also heard nothing back when it contacted the organisation again four days later.

Frustrated by the lack of response, the researchers then approached Amazon, who said they would tell the owner of the S3 bucket about the problem. Three weeks later, the data was still exposed.

Eventually it took until today, after Bloomberg contacted Facebook for comment, for the database to be properly secured.

I’m beginning to think using Facebook may not be such a great idea.
Don’t be silly. It’s great.

Seriously?
Okay, you rumbled me. Yes, of course it’s terrible. If you value your privacy, the only sensible step is to quit Facebook before worse things happen. But it’s hard for many people to quit.

We put together a “Smashing Security” podcast where we describe how to quit Facebook and offer some techniques for people who are fearful of going cold turkey.

Smashing Security #75: ‘Quitting Facebook’


#####EOF##### Podcast Archives - Graham Cluley


Smashing Security #122: The big fat con at Office Depot PODCAST

Office Depot and OfficeMax are fined millions for tricking customers into thinking their computers were infected with malware, car alarms can make your vehicle less secure, and facial recognition in apartment blocks comes under the microscope.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire’s Dave Bittner.

Smashing Security #121: Hijacked motel rooms, ASUS PCs, and leaky apps PODCAST

An app leaking private conversations and intimate photographs is ignoring requests to fix the problem, hackers poison a security update sent to ASUS PCs, and how to protect your privacy in motel rooms.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Smashing Security #120: Silk Road with Deliveroo PODCAST

Online drug dealers get busted due to poor OPSEC! People are still failing to wipe their USB sticks properly! A potential presidential candidate is outed as a former hacker! Flat Earthers! Pi! Empathy!

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

Smashing Security #119: Hijacked homes, porn passports, and ransomware regret PODCAST

A $150 million mansion is hijacked online, Brits will soon have to scan their passport to watch internet porn, and are organisations right to pay up when hit by ransomware?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology broadcaster David McClelland.

Smashing Security #118: The 's' in IoT stands for security PODCAST

Twerking robot assistants, an app from Saudi Arabia that lets men track women, and a gnarly skiing security snarl-up!

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.

Smashing Security #117: SWATs on a plane PODCAST

Why is Tampa’s mayor tweeting about blowing up the airport? Are hackers trying to connect with you via LinkedIn? And has Maria succeeded in her attempt to survive February without Facebook?

All this and much much more in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Plus, after last week’s discussion about the legal battle between Mondelez and Zurich Insurance, we have a chat with security veteran Martin Overton to take a deeper look into cyberinsurance.

Smashing Security #116: Stalking debtors, Facebook farce, and a cyber insurance snag PODCAST

How would *you* track someone who owed you money? What was the colossal flaw Facebook left on its website for anyone to exploit and hijack accounts? And what excuse are insurance companies giving for not paying victims of the NotPetya malware millions of dollars?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University.

Smashing Security #115: Love, Nests, and is 2FA destroying the world? PODCAST

Is two factor authentication such a pain in the rear end that it’s costing the economy millions? Do you feel safe having a Google Nest in your home? And don’t get caught by a catfisher this Valentine’s Day.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by B J Mendelson.

Smashing Security #114: Darknet Diaries, death, and beauty apps PODCAST

Jack Rhysider from the “Darknet Diaries” podcast joins us to chat about his interview with the elusive Hacker Giraffe, how a death is preventing cryptocurrency investors from reaching their money, and how ‘beauty camera’ apps are redirecting users to phishing websites and stealing their selfies.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.

Smashing Security #113: FaceTime, Facebook, faceplant PODCAST

FaceTime bug allows callers to see and hear you *before* you answer the phone, Facebook’s Nick Clegg tries to convince us the social network is changing its ways, and IoT hacking is big in Japan.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes from AMTSO.

Smashing Security #112: Payroll scams, gold coin heists, web giants spanked PODCAST

Business email compromise evolves to target your company’s payroll, how the world’s largest gold coin was stolen from a Berlin museum, and are internet giants feeling the heat yet over data security?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by people hacker Jenny Radcliffe.

Smashing Security #111: When rivals hack, and 'extreme' baby monitors PODCAST

Why a business spat resulted in Liberia falling off the internet, how the US Government shutdown is impacting website security, and the perplexing world of extreme IoT devices.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Zoë Rose.

Smashing Security #110: What? You can get paid to leave Facebook? PODCAST

Twitter and the not-so-ethical hacking of celebrity accounts, study discovers how you can pay someone to quit Facebook for a year, and the millions of dollars you can make from uncovering software vulnerabilities.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Smashing Security #109: Grinches target Amazon and Reddit, stealing Christmas from the poor PODCAST

Join us for our special Christmas episode as we tell tales of printer hacking, website defacement, Grinches, and how Google is snooping on your private YouTube videos.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The CyberWire’s Dave Bittner.

#####EOF##### Awards Archives - Graham Cluley


Smashing Security #081: Hacker no-hopers, Wessex Water has a word, and we win an award PODCAST

The ‘mastermind’ behind the Owari botnet doesn’t seem to have learnt anything from his victims, someone at Wessex Water forgets to remove an embarrassing sentence from a letter sent to customers, and we’re officially the best security podcast!

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, with cameo appearances by John Hawes, John Leyden, Paul Ducklin, and Mikko Hyppönen.

Graham Cluley grovels for votes in Cybersecurity Excellence Awards

I could do with a little favour…

I’m honoured to have been nominated for the title of “Cybersecurity Educator of the Year” at the Cybersecurity Excellence Awards.

But here’s the problem. I’ve basically forgotten to tell anybody about it. And voting closes in the next couple of days at the end of February…

#####EOF##### Computer security expert Graham Cluley - public speaking

Public speaking


Are you organising a computer security conference, or do you want to raise cyber security awareness within your business?

Do you need to find an entertaining, energetic keynote speaker who will keep the interest of your audience and get them to “buy in” to the importance of proper cyber security, in a fun, engaging way?

Or are you looking for an award-winning independent expert to speak or facilitate at your event?

“Graham was a keynote speaker at the Experian Identity & Fraud Forum. His session was slick, well informed, superbly delivered and among the best I’ve ever seen - all of which helped underpin the credibility of our event and was reflected by the wholehearted feedback from our delegates.”

“Graham’s knowledge, insight and ability to present potentially dry and weighty subject matter in a manner that’s accessible to all is superb.”

“Ignore him at your peril. He is, quite rightly, hugely in demand and simply cannot be recommended highly enough.”

Dominic Eaves
Experian

As well as running my independent blog and talking to the media about computer security issues, you can also hire me to give a keynote speech at your company’s events or conferences.

I have given talks for some of the world’s biggest companies, and delivered keynote speeches at events such as Microsoft Future Decoded, WebSummit, RSA, Campus Party, Infosec, Virus Bulletin, IP Expo, ISACA, EICAR, ICSA, ISSA, RANT, AVAR, British Computer Society, Cyber Security Symposium, BriForum, Ecrime Congress, Insight Technology Show, and the European Internet Security Forum.

Graham Cluley speaking at Microsoft Future Decoded, Nov 2015

Recent and upcoming keynote speeches and public talks

  • 6-8 November 2019: Chair: National Information Security Conference (NISC), Carden Park, Cheshire.
  • 18 October 2019: Keynote: CyberCrime Symposium, Portland, Maine, USA.
  • 6 June 2019: Keynote: Slovenian Insurance Association, Portoroz, Slovenia.
  • 29 May 2019: Keynote: ITWeb Security Summit, Johannesburg, South Africa.
  • 23 May 2019: Keynote: Big Data is the New Currency, RavenPack Research Symposium, London.
  • 15 May 2019: LastPass event, London, UK.
  • 3 April 2019: IP EXPO, Manchester, UK.
  • 2 April 2019: Keynote: FLIGHT 2019, Kimpton Fitzroy, London, UK.
  • 2 April 2019: Keynote: Kaspersky partner event, London Stock Exchange, UK.
  • 16 October 2018: Richardson Capital, Worcestershire, UK.
  • 10-12 October 2018: Chair: National Information Security Conference (NISC), Glasgow.
  • 9 October 2018: UBS Cybersecurity event, London, UK.
  • 3 October 2018: IP EXPO, London, UK.
  • 25 September 2018: Beazley Cyber Summit, Seville, Spain.
  • 20 September 2018: Secure Computing Forum, Dublin, Ireland.
  • 30 August 2018: HP Wolf 3 event, London, UK.
  • 4 July 2018: UKFast, London, UK.
  • 3 July 2018: UKFast, Manchester, UK.
  • 27 June 2018: SecureTour 18, Edinburgh, UK.
  • 21 June 2018: Lock it down, London, UK.
  • 20 June 2018: Keynote: Cloud Security Summit, London, UK.
  • 19 June 2018: SecureTour 18, Manchester, UK.
  • 15 June 2018: SecureTour 18, London, UK.
  • 13 June 2018: SecureTour 18, Cambridge, UK.
  • 6 June 2018: Sunny Side Up Security, InfoSecurity 2018, London, UK.
  • 2 May 2018: Keynote: Lock it down, Birmingham, UK.
  • 28 February 2018: Keynote: Elevate, Nuremberg, Germany.
  • 27 November 2017: SWIFT Premium Services Forum, Amsterdam, Netherlands.
  • 23 November 2017: BSI Standards Forum, London.
  • 2 November 2017: Keynote: secureCISO London.
  • 25 October 2017: Euromoney Conference, Zurich, Switzerland.
  • 19 October 2017: PwC Cybersecurity Day, Luxembourg.
  • 13 October 2017: Keynote: Charity IT Leaders Conference, Whittlebury Hall, Milton Keynes.
  • 12 October 2017: Keynote: Misco Expo, London
  • 10 October 2017: Chairman and speaker: European Legal Security Forum 2017, Old Billingsgate, London.
  • 4 October 2017: Keynote: IP EXPO Europe, ExCel, London.
  • 26 September 2017: Keynote: Fraud Force, New York City.
  • 21 September 2017: Keynote: SW WARP, Buckfast Abbey, Devon.
  • 20 September 2017: Keynote: AIT Annual Conference, Luton Hoo, Bedfordshire
  • 25 July 2017: Codenomi-Con, Mandalay Bay, Las Vegas.
  • 6 July 2017: Keynote: Foursys SecureTour 17, Manchester.
  • 15 June 2017: Keynote: Institutional Investor Summit, Hilton Syon Park, London
  • 14 June 2017: Keynote: Unlocked London, The Shard, London.
  • 6 June 2017: Keynote: IFoA’s Joint Risk, Investment, Pensions Conference 2017, Celtic Manor, Newport.
  • 5 June 2017: Keynote: Foursys SecureTour 17, Cambridge.
  • 23 May 2017: Keynote: Foursys SecureTour 17, Edinburgh.
  • 19 May 2017: Keynote: Foursys SecureTour 17, London.
  • 16 May 2017: Keynote: Foursys SecureTour 17, Belfast.
  • 12 May 2017: Wandera mobile security event, London.
  • 5 May 2017: Keynote: UCISA Cyber Security Survival Guide, Birmingham.
  • 4 May 2017: Citywire South East 2017, Hampshire.
  • 26 April 2017 - Keynote: Capita One National User Group, Warwickshire.
  • 24 April 2017: PwC International Tax Academy, Paris.
  • 28 March 2017: Keynote: Unlocked Manchester, UKFast Campus, Manchester.
  • 14 March 2017 - Keynote: KIACS Cyber Security Conference, Kuwait.
  • 9 March 2017: Ignition Technology security event, The Shard, London.
  • 26 January 2017 - Keynote: StormCloud 2017, London.
  • 7 December 2016 - Keynote: Computer Science in Action, University of Warwick.
  • 3 November 2016 - Keynote: Life Conference 2016, Edinburgh.
  • 2 November 2016 - Keynote: Heatwave 2016, London.
  • 26 October 2016 - Keynote: Nordic IT Security, Stockholm, Sweden.
  • 20 October 2016 - Keynote: Cyber security awareness event, Richmond, Virginia.
  • 11-12 October 2016 - Keynote: Navigate ’16, Berlin.
  • 4 October 2016 - Keynote: Payments Knowledge Forum, London.
  • 12 September 2016 - Keynote: Pension Protection Fund, Croydon.
  • 12 July 2016 - Event chairperson and keynote: European Legal Security Forum, Bishopsgate, London.
  • 15 June 2016 - Keynote: Data Security in the Cloud summit, London.
  • 26 May 2016 - Keynote: Foursys SecureTour 16, London.
  • 25 May 2016 - Keynote: Foursys SecureTour 16, Cambridge.
  • 19 May 2016 - Dell security event, BriForum, London.
  • 10 May 2016 - Keynote: Foursys SecureTour 16, Belfast.
  • 5 May 2016 - Keynote: Foursys SecureTour 16, Loch Lomond.
  • 4 May 2016 - Keynote: Foursys SecureTour 16, Manchester.
  • 28 April 2016 - Executive Exchange: Empowering Digital Transformation, Edinburgh.
  • 26 April 2016 - Executive Exchange: Empowering Digital Transformation, London.
  • 7 April 2016 - Keynote: ERA Regional Conference, Prague.
  • 31 March 2016 - JLA Speakers Breakfast, London.
  • 22 March 2016 - Keynote: CSO Perspectives Roadshow 2016, Melbourne, Australia.
  • 15 March 2016 - Keynote: CSO Perspectives Roadshow 2016, Sydney, Australia.
  • 16 February 2016 - Keynote: TUG Connects 2016, San Antonio, Texas.
  • 26-28 January 2016 - Keynote: Bourne Leisure Safety Conference, Thoresby Park, Nottinghamshire.
  • 17 November 2015 - Keynote: Insight Technology Show, Manchester.
  • 11 November 2015 - Keynote: Microsoft Future Decoded, ExCeL, London.
  • 4 November 2015 - Keynote: HEATwave 2015, London.
  • 3 November 2015 - Keynote: GSE UK Conference, Milton Keynes.
  • 14 September 2015 - Avecto security dinner and networking event, OXO Tower, London.
  • 29 July 2015 - Threats and data breaches web seminar, Intralinks.
  • 1 July 2015 - Secure Trading Cyber Security forum, Churchill War Rooms, London.
  • 30 June 2015 - Keynote: Trusted Digital Identity Symposium, Belgian Ambassador Residence, London.
  • 11 June 2015 - Keynote: Enabling Safe Business, Sunderland.
  • 3 June 2015 - Datacloud 2015 Global Congress, Monaco.
  • 30 April 2015 - Banking security event, McLaren Technology Centre.
  • 23 April 2015 - Keynote: ESET Partner Conference.
  • 10 March 2015 - Keynote: E-Crime and Information Security Congress, London.
  • 12 February 2015 - Insight Partner Forum, London.
  • 11 December 2014 - British Computer Society, Oxford.
  • 12-14 November 2014 - Keynote: AVAR 2014, Sydney, Australia.
  • 21 October 2014 - Keynote: Cyber Security Symposium 2014, Brussels.
  • 16 October 2014 - SecureTour 14, Manchester.
  • 14 October 2014 - SecureTour 14, London.
  • 14 October 2014 - Experian Identity and Fraud Forum, Watford.
  • 8 October 2014 - SecureTour 14, Cambridge.
  • 7 October 2014 - SecureTour 14, Bristol.
  • 3 October 2014 - Keynote at ISACA Ireland’s annual conference, Dublin, Ireland.
  • 26-27 June 2014 - FourSys Security Conference, Loch Lomond, Scotland.
  • 19-20 June 2014 - FourSys Security Conference, Belfast.
  • 12 June 2014 - RANT Conference, London.
  • 16-17 May 2014 - Keynote: EMVA Business Conference, Vienna, Austria.
  • 8 May 2014 - Keynote: ESET Partner Conference.
  • 29 April - 1 May 2014 - Infosecurity Europe, London.
  • 27 March 2014 - Keynote: Wraith Intelligence event.
  • 25 March 2014 - LawTech Futures 2014, London.
  • 14 March 2014 - Keynote: The Insight Technology Show, London.
  • 11 March 2014 - e-Crime and Information Security Congress, London.
  • 6 March 2014 - IT Leaders Forum, London Stock Exchange.
  • 28 November 2013 - Web Seminar: “Closing the IT security risk management gap: 3 Ways to connect IT & the Board”
  • 5 November 2013 - Keynote: Infosecurity Magazine Winter Virtual Conference
  • 31 October 2013 - Web Summit, Dublin.
  • 29 October 2013 - #SocialMediaWhatsTrending, BBC North, Salford.
  • 17 October 2013 - IP Expo, London.
  • 15 October 2013 - eCrime and Cyber Security Seminar 2013, London.
  • 4 October 2013 - Virus Bulletin, Berlin.
  • 3 September 2013 - Campus Party Europe, O2 Millennium Dome, London.
  • 1 March 2013 - “The Crossbill SpyEye Malware Investigation”, RSA Conference, San Francisco.
  • 28 February 2013 - “Will you ever be able to trust social networks?”, RSA Conference, San Francisco.
  • 1-4 March 2010 - “Web 2 Woe: Cybercrime on Social Networks”, RSA Conference, San Francisco.

I am able to talk extensively and give carefully researched presentations that draw on my years of experience in the computer security industry. What’s more, I can specifically tailor my presentation for your audience - pitching it at just the right level to keep people entertained as well as informed.

So, whether you want to raise security awareness within your business or need a keynote speaker at your conference, I could be the right man for the job!

Panel session, featuring Graham Cluley

If you would like an independent expert to speak at your company’s event, give a keynote presentation at your conference or host a panel, please complete the form below.

Thanks!


#####EOF##### Denial of Service Archives - Graham Cluley


Smashing Security #118: The 's' in IoT stands for security PODCAST

Twerking robot assistants, an app from Saudi Arabia that lets men track women, and a gnarly skiing security snarl-up!

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.

Hacker arrested for wave of fake bomb and shooting threats against schools

FBI agents have arrested a 20-year-old man alleged to have been part of a hacking gang which not only launched distributed denial-of-service (DDoS) attacks, but also launched a wave of chilling bomb and shooting threats against thousands of schools in the United States and United Kingdom.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #111: When rivals hack, and 'extreme' baby monitors PODCAST

Why a business spat resulted in Liberia falling off the internet, how the US Government shutdown is impacting website security, and the perplexing world of extreme IoT devices.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Zoë Rose.

Smashing Security #090: Fortnite for Android, and the FCC's DDoS BS PODCAST

Fortnite players are told they’ll have to disable a security setting on Android, the FCC finally admits that it wasn’t hit by a DDoS attack, and Verizon’s VPN smallprint raises privacy concerns.

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Bisson.

Smashing Security #081: Hacker no-hopers, Wessex Water has a word, and we win an award PODCAST

The ‘mastermind’ behind the Owari botnet doesn’t seem to have learnt anything from his victims, someone at Wessex Water forgets to remove an embarrassing sentence from a letter sent to customers, and we’re officially the best security podcast!

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, with cameo appearances by John Hawes, John Leyden, Paul Ducklin, and Mikko Hyppönen.

#####EOF##### Smashing Security podcast: Silk Road with Deliveroo

Smashing Security #120: Silk Road with Deliveroo

Industry veterans, chatting about computer security and online privacy.
               

Online drug dealers get busted due to poor OPSEC! People are still failing to wipe their USB sticks properly! A potential presidential candidate is outed as a former hacker! Flat Earthers! Pi! Empathy!

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.


Hosts:

Graham Cluley - @gcluley
Carole Theriault - @caroletheriault

Guest:

Paul Ducklin - @duckblog


Sponsor: Recorded Future

For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.

“The Threat Intelligence Handbook” is an easy-to-read guide that will help you understand why threat intelligence is an essential part of every organisation’s defence against the latest cyber attacks.

Download it for free at smashingsecurity.com/intelligence

Follow the show:

Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.


#####EOF#####